← Back to Skills Marketplace
aakash2289

GovernClaw Policy Enforcer

by aakash2289 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
112
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install governclaw-middleware
Description
Governance middleware for OpenClaw agents. Wraps HTTP, shell, file, and browser actions with policy checks via GovernClaw before execution. Required tools -...
README (SKILL.md)

GovernClaw Middleware

This skill provides governed wrappers for sensitive operations. It acts as a policy enforcement layer between agents and external systems.

When to Use This Skill

You MUST use governed tools from this skill instead of raw tools when:

  • Calling external HTTP APIs (governedHttp instead of http)
  • Running shell commands (governedShell - future)
  • Reading/writing files (governedFile - future)
  • Controlling a browser (governedBrowser - future)

How It Works

  1. You call a governed tool (e.g., governedHttp)
  2. The skill sends your request metadata to GovernClaw for policy evaluation
  3. GovernClaw returns allow or block with a reason
  4. If allowed: the underlying operation executes and returns results
  5. If blocked: the operation is cancelled and you receive a block reason

Available Tools

governedHttp

Makes HTTP requests through the GovernClaw policy engine.

Parameters:

  • method (string): HTTP method - "GET", "POST", "PUT", "DELETE"
  • url (string): Target URL
  • body (object, optional): Request body for POST/PUT
  • headers (object, optional): Custom headers

Returns:

  • On success: The HTTP response from the target
  • On block: { ok: false, blocked: true, reason: "..." }

Example:

const result = await context.tools.governclawMiddleware.governedHttp({
  method: "GET",
  url: "https://api.example.com/data"
});

if (result.blocked) {
  // Handle policy block
  console.log("Blocked:", result.reason);
}

Configuration

Set the GovernClaw service URL in your environment:

export GOVERNCLAW_URL="http://127.0.0.1:8000"

Or in openclaw.json:

{
  "skills": {
    "governclaw-middleware": {
      "env": {
        "GOVERNCLAW_URL": "http://127.0.0.1:8000"
      }
    }
  }
}

Governance Context

The skill automatically forwards these context fields to GovernClaw:

  • parent_id: The session ID (who owns the request)
  • child_id: The agent ID (who is making the request)
  • source: Where the request originated (agent, control, cron, etc.)
  • channel: The channel ID (if applicable)
  • node_id: The node ID (if applicable)
  • skill: Always "governclaw-middleware"

Error Handling

Always check for blocked in responses:

const response = await context.tools.governclawMiddleware.governedHttp({...});

if (!response.ok && response.blocked) {
  // Policy violation - do not retry
  return { error: response.reason };
}

if (!response.ok) {
  // Network or other error - may retry
  return { error: "Request failed" };
}

// Success
return response.data;

Policy Modes

GovernClaw supports three governance modes:

  • playground: Log-only, actions always allowed
  • governed: Default mode, enforce policies
  • strict: Block on any uncertainty

The skill defaults to governed mode. Future versions may allow per-request mode overrides.

Usage Guidance
This skill is coherent for enforcing policies, but you must trust the GovernClaw endpoint you configure. Before installing or enabling it: 1) Ensure GOVERNCLAW_URL points to a trusted, secure policy server (default is localhost for local testing). 2) Confirm the policy server's privacy/security practices — the skill will forward full request bodies and headers (including Authorization tokens and any sensitive data) along with session/agent identifiers. 3) If you require redaction of secrets, implement or request a GovernClaw policy or wrapper that strips/sanitizes headers and sensitive fields. 4) Note the small metadata inconsistency: the registry metadata doesn't mark GOVERNCLAW_URL as required although SKILL.md and the code use it (with a default). 5) Test in a safe environment (playground mode or local GovernClaw) before enabling for agents that handle sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: governclaw-middleware Version: 1.0.0 The skill implements a governance middleware that intercepts HTTP requests to validate them against a policy engine. It sends full request metadata, including potentially sensitive headers and bodies, to a configurable endpoint (defaulting to http://127.0.0.1:8000/govern_action). While this aligns with the stated purpose, the implementation in index.ts uses the 'axios' library for its own network calls instead of the standard OpenClaw 'http' tool, which bypasses the agent's internal logging and control mechanisms. Additionally, the 'effective_payload' feature allows the remote governance server to silently modify the agent's outgoing requests, posing a risk of unauthorized redirection or data manipulation.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement a governed HTTP wrapper (governedHttp) that asks a GovernClaw endpoint for allow/block decisions before executing HTTP requests via the runtime's http tool. There are no unrelated binaries, credentials, or install steps requested. The implementation matches the stated purpose.
Instruction Scope
The instructions and code forward request metadata (url, method, headers, body) plus runtime context fields (session/agent/source/channel/node ids) to the GovernClaw endpoint. This is consistent with a governance proxy, but it means sensitive headers and bodies (Authorization tokens, API keys, private data) will be transmitted to the GovernClaw service. SKILL.md does not specify any redaction or sanitization policy.
Install Mechanism
No install spec is present (instruction-only skill with a single index.ts file). No downloads or archive extraction occur. This is low risk from an installation perspective.
Credentials
The registry metadata lists no required env vars, but both SKILL.md and the code reference GOVERNCLAW_URL (default http://127.0.0.1:8000). This is reasonable and proportional for a governance proxy, but the skill will send full request payloads and context fields to that endpoint, so the environment-configured URL must be trusted. The mismatch between registry metadata (no required env) and SKILL.md (mentions GOVERNCLAW_URL) is a minor inconsistency.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills' configs. It does not write files or install background services. Autonomous invocation is allowed (platform default) but not an additional privilege granted by this skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install governclaw-middleware
  3. After installation, invoke the skill by name or use /governclaw-middleware
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
GovernClaw Middleware 1.0.0 – initial release - Introduces governed wrappers for sensitive operations, starting with governedHttp (HTTP requests with policy checks). - Mediates HTTP requests through the GovernClaw policy engine, blocking or allowing each request. - Provides clear error signaling and standardized block reasons in responses. - Configuration via GOVERNCLAW_URL environment variable or openclaw.json. - Automatically forwards session context and agent identification with each request for governance.
Metadata
Slug governclaw-middleware
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GovernClaw Policy Enforcer?

Governance middleware for OpenClaw agents. Wraps HTTP, shell, file, and browser actions with policy checks via GovernClaw before execution. Required tools -... It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.

How do I install GovernClaw Policy Enforcer?

Run "/install governclaw-middleware" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GovernClaw Policy Enforcer free?

Yes, GovernClaw Policy Enforcer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does GovernClaw Policy Enforcer support?

GovernClaw Policy Enforcer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GovernClaw Policy Enforcer?

It is built and maintained by aakash2289 (@aakash2289); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments