← Back to Skills Marketplace
dgriffin831

Guardrails

by dgriffin831 · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
2168
Downloads
0
Stars
9
Active Installs
2
Versions
Install in OpenClaw
/install guardrails
Description
Interactively configure, review, and monitor security guardrails for your OpenClaw workspace by discovering risks, interviewing users, and generating GUARDRA...
README (SKILL.md)

guardrails - Interactive Security Guardrails Configuration

Helps users configure comprehensive security guardrails for their OpenClaw workspace through an interactive interview process.

Commands

guardrails setup

Interactive setup mode - Guides user through creating their GUARDRAILS.md file.

Workflow:

  1. Run environment discovery: bash scripts/discover.sh
  2. Classify risks: bash scripts/discover.sh | python3 scripts/classify-risks.py
  3. Generate tailored questions: bash scripts/discover.sh | python3 scripts/classify-risks.py | python3 scripts/generate_questions.py
  4. Conduct interactive interview with the user:
    • Ask questions from the generated question bank (tailored to discovered environment)
    • Present suggestions for each question
    • Allow custom answers
    • Follow up when appropriate
  5. Generate GUARDRAILS.md: echo '\x3Cjson>' | python3 scripts/generate_guardrails_md.py /path/to/guardrails-config.json
    • Stdin JSON format: {"discovery": {...}, "classification": {...}, "answers": {...}}
  6. Present the generated GUARDRAILS.md for review
  7. Ask for confirmation before writing to workspace
  8. Write GUARDRAILS.md to workspace root
  9. Save guardrails-config.json to workspace root

Important:

  • Be conversational and friendly during the interview
  • Explain why each question matters
  • Provide context about discovered risks
  • Highlight high-risk skills/integrations
  • Allow users to skip or customize any answer
  • Review the final output with the user before writing

guardrails review

Review mode - Check existing configuration against current environment.

Workflow:

  1. Run discovery and classification
  2. Load existing guardrails-config.json
  3. Compare discovered skills/integrations against config
  4. Identify gaps (new skills not covered, removed skills still in config)
  5. Ask user about gaps only - don't re-interview everything
  6. Update config and GUARDRAILS.md if changes needed

guardrails monitor

Monitor mode - Detect changes and potential violations.

Workflow:

  1. Run: bash scripts/monitor.sh
  2. Parse the JSON report
  3. If status is "ok": silent or brief acknowledgment
  4. If status is "needs-attention": notify user with details
  5. If status is "review-recommended": suggest running guardrails review

Can be run manually or via cron/heartbeat.

Files Generated

  • GUARDRAILS.md - The main guardrails document (workspace root)
  • guardrails-config.json - Machine-readable config for monitoring (workspace root)

Notes

  • This skill only helps create guardrails - enforcement is up to the agent
  • Discovery (discover.sh) uses bash + jq; classification (classify-risks.py) uses Python standard library only
  • Question generation and GUARDRAILS.md generation require an LLM — set OPENAI_API_KEY or ANTHROPIC_API_KEY
  • Python scripts require the requests library (pip install requests)
  • Discovery and classification are read-only operations
  • Only setup and review modes write files, and only with user confirmation
Usage Guidance
What to know before installing or running this skill: - The skill will scan your workspace (skills, SKILL.md files, and many workspace files like USER.md, MEMORY.md, AGENTS.md) and produce a JSON discovery report. That discovery output (discovery, classification, and your interview answers) is sent verbatim to whichever LLM provider you configure (OpenAI or Anthropic) when generating questions and GUARDRAILS.md. - The registry metadata does not list OPENAI_API_KEY or ANTHROPIC_API_KEY as required env vars, but the scripts require one of those keys to run the LLM steps. This is an inconsistency you should correct or be aware of. - Potential sensitive data exposure: discovery includes file previews and memory entries; monitor.sh scans memory files for keywords. If your workspace contains secrets or sensitive documents, those could be included in the payload sent to the external LLM provider. - Recommended precautions: - Inspect and run scripts locally in a safe/isolated workspace first (set WORKSPACE to a test directory) to see what discovery collects: bash scripts/discover.sh and python scripts/classify-risks.py are read-only and can be run without API keys. - Do NOT export your real OPENAI_API_KEY / ANTHROPIC_API_KEY into the environment until you are comfortable with the exact JSON that will be sent. Generate and review the discovery JSON, then decide whether to remove sensitive previews before calling the LLM. - If you must use an LLM, consider using a provider/account/policy that you trust, or run with a local LLM if you have one and update the code accordingly. - Ensure you have jq and python3 'requests' installed as noted; and verify the skill's claim that it asks for confirmation before writing GUARDRAILS.md / guardrails-config.json. - Prefer auditing the code and testing in a sandbox before running monitor mode against a production workspace. - If you plan to publish or share this skill, ask the author to: (1) add explicit required env vars (OPENAI_API_KEY/ANTHROPIC_API_KEY) to metadata; (2) clearly document that full discovery JSON (including file previews and memory) is sent to external LLMs; and (3) offer an option to redact file previews by default.
Capability Analysis
Type: OpenClaw Skill Name: guardrails Version: 1.0.1 The skill sends extensive workspace environment data, including skill details, previews of workspace files (first 20 lines), channel configurations, integration information, and user interview answers, to external LLM APIs (OpenAI/Anthropic). While this data transfer is arguably necessary for the skill's stated purpose of generating tailored guardrails and questions, it represents a significant data exposure risk to third-party services. This behavior is primarily observed in `scripts/generate_guardrails_md.py` and `scripts/generate_questions.py`. There is no clear evidence of intentional malicious data exfiltration to unauthorized endpoints or other harmful behaviors.
Capability Assessment
Purpose & Capability
The skill's name and scripts align with an interactive guardrails generator: discover workspace, classify risks, ask questions, and generate GUARDRAILS.md. However, the runtime relies on external LLM providers (OPENAI_API_KEY or ANTHROPIC_API_KEY) for question generation and document generation, yet the registry metadata lists no required environment variables or primary credential. That mismatch between declared metadata and actual runtime needs is incoherent and should be fixed.
Instruction Scope
The SKILL.md instructs the agent to run discover.sh which reads workspace skills, many workspace files (USER.md, MEMORY.md, AGENTS.md, GUARDRAILS.md, etc.), and ~/.openclaw/openclaw.json; monitor.sh scans workspace/memory for keywords. The generate_* scripts then send the entire discovery/classification/answers JSON to external LLMs. That means potentially sensitive workspace content and memory entries will be transmitted off-host — this is within the skill's stated functionality (it needs context), but it is a significant data-exfiltration risk and is not fully surfaced in the registry metadata or with explicit cautions about what will be sent to third-party APIs.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). This is lower risk than an arbitrary installer. The scripts run locally and don't download remote code. They do require Python 'requests' and jq; README/SKILL.md mention those requirements. No network-based installer or suspicious download URLs were found.
Credentials
Although the skill logically needs an LLM provider to generate questions and the markdown output, the registry metadata does not declare OPENAI_API_KEY or ANTHROPIC_API_KEY as required environment variables. The code will call external APIs (OpenAI/Anthropic) and will send the full discovery payload (which includes file previews, skill SKILL.md contents, and potentially channel/config info). The skill also reads memory files. Asking for LLM API keys and then sending workspace data to those providers is proportionate to the feature, but the lack of explicit credential declarations and the breadth of data collected make this a privacy/credential disclosure concern.
Persistence & Privilege
The skill does not request always:true or modify other skills' configs. It writes GUARDRAILS.md and guardrails-config.json to the workspace when the user confirms (per SKILL.md). The README claims it does not create cron jobs or modify AGENTS.md. monitor.sh can be run manually or via cron, but the skill itself does not install persistent hooks.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install guardrails
  3. After installation, invoke the skill by name or use /guardrails
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Switched risk classification script from Node.js (classify-risks.js) to Python (classify-risks.py). - Updated workflow commands to use the new Python risk classifier. - Clarified that classification uses only the Python standard library. - Removed references to Node.js for classification step in documentation.
v1.0.0
guardrails 1.0.0 – Initial Release - Introduces interactive security guardrails setup with environment discovery, risk classification, and custom question flow - Generates tailored GUARDRAILS.md and guardrails-config.json files for the workspace - Adds review mode to check configuration against environment changes and update only where gaps are detected - Provides monitor mode to detect and report violations or changes, with optional notifications and suggestions - Ensures all changes are confirmed by user before writing to disk - Emphasizes a conversational, user-friendly experience throughout configuration
Metadata
Slug guardrails
Version 1.0.1
License
All-time Installs 9
Active Installs 9
Total Versions 2
Frequently Asked Questions

What is Guardrails?

Interactively configure, review, and monitor security guardrails for your OpenClaw workspace by discovering risks, interviewing users, and generating GUARDRA... It is an AI Agent Skill for Claude Code / OpenClaw, with 2168 downloads so far.

How do I install Guardrails?

Run "/install guardrails" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Guardrails free?

Yes, Guardrails is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Guardrails support?

Guardrails is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Guardrails?

It is built and maintained by dgriffin831 (@dgriffin831); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments