← Back to Skills Marketplace

skill-governance

Name: skill-governance
Author: maxime-xian

by maxime-Xian · GitHub ↗ · v2.1.0

cross-platform ⚠ suspicious

430

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-governance

Description

OpenClaw Cognitive Operating & Skill Governance Kernel

Usage Guidance

This skill is conceptually coherent with a governance kernel, but it contains ambiguous operational directives that could change files, archive or delete other skills, and push summaries externally without specifying where. Before installing: 1) Ask the author to clarify exact filesystem paths and required permissions for /memory and archived_skills/, and which service/endpoints (and credentials) are used for 'external synchronization'. 2) Confirm which bundles the skill may mount/unmount and get explicit allow-listing for those bundles. 3) Run the skill in a restricted sandbox with monitoring to observe file writes and outgoing connections. 4) If you cannot get clear answers, avoid enabling autonomous invocation or limit its scope and privileges.

Capability Analysis

Type: OpenClaw Skill Name: skill-governance Version: 2.1.0 The skill `skill-governance` defines operational protocols for an AI agent. It is classified as suspicious due to two main capabilities outlined in `SKILL.md`: the automatic mounting of other skill bundles (e.g., `research.bundle`, `automation.bundle`) based on keywords, which poses a risk if those bundles are unvetted or malicious; and the mandatory external synchronization of task summaries for critical tasks, which is a data exfiltration capability that could be abused if the synchronization mechanism is insecure or unauthorized. These features represent significant vulnerability risks rather than explicit malicious intent.

Capability Assessment

✓ Purpose & Capability

The name/description as a 'cognitive operating & skill governance kernel' matches the SKILL.md: it defines perception, decision, mounting, lifecycle, and closure protocols. There are no unexpected environment variables, binaries, or installs requested that contradict its stated purpose.

⚠ Instruction Scope

The instructions mandate behaviors that involve system state and other skills: automatic 'mount/unmount' of bundles, writing forced archives to /memory/YYYY-MM-DD-task.md, moving skills to archived_skills/, and generating summaries for 'external synchronization'. The SKILL.md does not specify where /memory or archived_skills/ live, what API/endpoints should be used for external sync, or what authorization is needed. Those gaps create a risk that the agent will read/write files or transmit data outside expected boundaries or trigger other skills unexpectedly.

✓ Install Mechanism

No install spec and no code files — instruction-only — so nothing is downloaded or written at install time. This is lower risk from an install-mechanism perspective.

ℹ Credentials

The skill requests no environment variables or credentials (proportionate). However, it references filesystem locations and lifecycle operations that imply write/delete privileges over skill storage areas even though no config paths were declared in the manifest; that mismatch should be clarified.

⚠ Persistence & Privilege

always:false and model invocation allowed (normal). But the protocol includes lifecycle actions that move and mark other skills (archived_skills/, deletion candidates) and requires sending notifications before deletion. Those are operations that modify other skills' state or system-wide skill storage; the skill does not declare these config paths or required permissions, which is a privilege/footprint mismatch and a potential control risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-governance
After installation, invoke the skill by name or use /skill-governance
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.1.0

Major Upgrade: Cognitive Operating & Skill Governance Kernel v2.1

v1.3.0

Upgrade to Skill-FireControl Protocol (Signal Extraction + Hard Closing)

v1.2.0

Maxime Butler Protocol - Initial Release

Metadata

Slug skill-governance

Version 2.1.0

License —

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is skill-governance?

OpenClaw Cognitive Operating & Skill Governance Kernel. It is an AI Agent Skill for Claude Code / OpenClaw, with 430 downloads so far.

How do I install skill-governance?

Run "/install skill-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is skill-governance free?

Yes, skill-governance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does skill-governance support?

skill-governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created skill-governance?

It is built and maintained by maxime-Xian (@maxime-xian); the current version is v2.1.0.

More Skills