Permission Manifest Guard
by honouralexwill · GitHub · v0.1.1 · MIT-0
110 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install permission-manifest-guard
Description
Inspects an OpenClaw skill directory before install or execution, translates declared and observed requirements into a human-readable permission manifest, an...
Usage Guidance
This skill appears coherent and implements a static permission manifest generator. Before running it:
- Understand that its analysis is static only: it cannot see runtime behavior or transitive dependency actions; treat the manifest as an aid, not a proof.
- The CLI will write permission-manifest.json into the inspected directory; run it on a copy or in a sandbox if you don't want repository files modified.
- Inspect package.json dependencies (js-yaml) and run standard checks (npm install in an isolated environment, npm audit) if you plan to build/run locally.
- Note the repository includes a CLAUDE.md that mentions an external 'saturnday' governance tool. That is documentation and not executed by the tool, but verify any external governance workflow separately.
- If you need runtime/supply-chain guarantees (transitive dependency behavior, network reachability), use dynamic or dependency-specific scanners in addition to this tool.
Capability Analysis
Type: OpenClaw Skill
Name: permission-manifest-guard
Version: 0.1.1
The 'permission-manifest-guard' skill is a static analysis security tool designed to audit other OpenClaw skills. It scans source code and metadata (SKILL.md, package.json) to identify declared versus observed permissions, such as network domains, shell commands, and environment variables. The logic in 'src/extract.ts' and 'src/classify.ts' uses regex-based heuristics to detect risky capabilities (e.g., eval, child_process) and calculate a risk score. The tool's behavior is transparent, well-documented, and lacks any indicators of data exfiltration, malicious execution, or prompt injection; it functions solely as a security guardrail for the OpenClaw ecosystem.
Capability Assessment
Purpose & Capability
Name/description (permission manifest / static analysis) match the implementation: modules for discovery, extraction, classification, policy, and rendering exist (src/discovery.ts, src/extract.ts, src/classify.ts, src/policy.ts, src/render.ts). The declared capability in SKILL.md is read_filesystem and the code reads files from a supplied skill directory. No unrelated credentials or platform services are requested.
Instruction Scope
SKILL.md and README clearly limit the tool to static analysis of a supplied directory and describe expected outputs (markdown to stdout, JSON written to the target directory by the CLI). The CLI (src/cli.ts) does write permission-manifest.json into the inspected directory as a documented side effect. The code only scans files present in the target directory and does not perform network calls or attempt to access external credentials. Note: the repository includes a CLAUDE.md governance document that instructs running an external 'saturnday' tool — that is documentation only and not invoked by the code, but reviewers should be aware of it.
Install Mechanism
Registry metadata lists no install spec (instruction-only), which is low-risk. However, full source files are included in the package (TypeScript sources, package.json, package-lock.json). There is no automated install-from-URL or arbitrary archive extraction. The package.json declares ordinary npm deps (js-yaml) and devDependencies; there is no build/install script that fetches remote code beyond normal npm behavior. The slight mismatch between the registry's 'instruction-only' label and the presence of code files is benign but worth noting.
Credentials
The skill does not require environment variables or credentials and does not declare a primary credential. The code reads process.env occurrences in target code for detection purposes (extractors look for env-var usage) but does not itself read or transmit host credentials. It classifies env var names and flags likely secrets for the manifest; that is appropriate for its purpose.
Persistence & Privilege
The skill does not request permanent or elevated platform privileges (always:false). The CLI writes a permission-manifest.json file into the inspected skill directory (documented side effect). This write is proportionate to the stated behavior but you should be aware the tool modifies the inspected directory when run via the CLI. The code explicitly ignores symlinks during discovery (shouldIgnoreEntry) — this is a design choice, not a hidden privilege escalation.
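The extraction and classification described above (regex heuristics over source text for network domains, environment variables, shell commands and risky APIs, a declared-versus-observed comparison, and a risk score with a disposition) can be illustrated with a small in-memory version. The code below is an added example for this listing, not the project's src/extract.ts or src/classify.ts; the regex patterns, weights, thresholds, the declared-permission shape and the sample source are all assumptions constructed for the example.

```typescript
// Added example (not the project's code): a miniature regex-based
// extract -> classify -> score pipeline over an in-memory source string.
// Weights, thresholds and patterns are assumed, not taken from the project.

interface DeclaredPermissions {
  domains: string[]; // assumed to come from SKILL.md; shape is an assumption
  envVars: string[];
}

interface Manifest {
  domains: string[];
  envVars: string[];
  likelySecrets: string[];
  shellCommands: string[];
  riskyApis: string[];
  undeclaredDomains: string[];
  undeclaredEnvVars: string[];
  riskScore: number;
  disposition: "allow" | "review" | "block";
}

// Constructed sample skill source; the real tool reads files from a directory.
const SAMPLE_SOURCE = [
  'import { execSync } from "child_process";',
  'const token = process.env.GITHUB_TOKEN;',
  'const region = process.env["AWS_REGION"];',
  'fetch("https://api.example.com/v1/report", { headers: { Authorization: token } });',
  'execSync("git status --porcelain");',
  'const result = eval(userInput);',
].join("\n");

// Constructed declaration: the skill admits one domain and one env var.
const SAMPLE_DECLARED: DeclaredPermissions = {
  domains: ["api.example.com"],
  envVars: ["AWS_REGION"],
};

// Env var names that look like credentials (assumed heuristic).
const SECRET_NAME = /(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)/i;

// Risky API indicators with assumed weights, longest-first where it matters.
const RISKY_APIS: { name: string; re: RegExp; weight: number }[] = [
  { name: "eval", re: /\beval\s*\(/, weight: 6 },
  { name: "new Function", re: /\bnew\s+Function\s*\(/, weight: 6 },
  { name: "vm", re: /\bvm\.runIn\w*\s*\(/, weight: 5 },
  { name: "child_process", re: /["']child_process["']/, weight: 3 },
];

// Collect a capture group from every match, de-duplicated and sorted.
function allMatches(source: string, re: RegExp, group: number): string[] {
  const g = new RegExp(re.source, re.flags.includes("g") ? re.flags : re.flags + "g");
  const out: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = g.exec(source)) !== null) out.push(m[group]);
  return Array.from(new Set(out)).sort();
}

function buildManifest(source: string, declared: DeclaredPermissions): Manifest {
  const domains = allMatches(source, /https?:\/\/([a-z0-9.-]+\.[a-z]{2,})/i, 1);
  // Matches both process.env.NAME and process.env["NAME"] / process.env['NAME'].
  const envVars = allMatches(source, /process\.env(?:\.|\[["'])([A-Z_][A-Z0-9_]*)/, 1);
  const likelySecrets = envVars.filter((v) => SECRET_NAME.test(v));
  // Only literal command strings are recoverable statically; dynamic ones are invisible.
  const shellCommands = allMatches(
    source,
    /\b(?:execSync|exec|spawnSync|spawn)\s*\(\s*["']([^"']*)["']/,
    1,
  );
  const riskyApis = RISKY_APIS.filter((a) => a.re.test(source)).map((a) => a.name);
  const undeclaredDomains = domains.filter((d) => !declared.domains.includes(d));
  const undeclaredEnvVars = envVars.filter((v) => !declared.envVars.includes(v));

  const riskScore =
    domains.length * 1 +
    envVars.length * 1 +
    likelySecrets.length * 3 +
    shellCommands.length * 4 +
    RISKY_APIS.filter((a) => riskyApis.includes(a.name)).reduce((s, a) => s + a.weight, 0) +
    (undeclaredDomains.length + undeclaredEnvVars.length) * 2;
  const disposition: Manifest["disposition"] =
    riskScore < 5 ? "allow" : riskScore < 15 ? "review" : "block";

  return { domains, envVars, likelySecrets, shellCommands, riskyApis,
    undeclaredDomains, undeclaredEnvVars, riskScore, disposition };
}

// Human-readable rendering of the manifest (markdown to stdout).
function renderMarkdown(m: Manifest): string {
  const list = (xs: string[]) => (xs.length ? xs.map((x) => "- " + x).join("\n") : "- (none)");
  return [
    "# Permission manifest",
    "## Network domains (observed)", list(m.domains),
    "## Environment variables (observed)", list(m.envVars),
    "## Likely secrets", list(m.likelySecrets),
    "## Shell commands", list(m.shellCommands),
    "## Risky APIs", list(m.riskyApis),
    "## Observed but undeclared", list(m.undeclaredDomains.concat(m.undeclaredEnvVars)),
    "Risk score: " + m.riskScore + " -> " + m.disposition,
  ].join("\n");
}

console.log(renderMarkdown(buildManifest(SAMPLE_SOURCE, SAMPLE_DECLARED)));
```

On the constructed sample the manifest reports the one domain, both env vars (flagging GITHUB_TOKEN as a likely secret and as undeclared), the literal `git status --porcelain` command, and the eval and child_process indicators, for a score of 21 and a "block" disposition. The same limitation the listing notes applies here: a command built at runtime from a variable, or a domain assembled by string concatenation, produces no match, which is why the manifest is an aid rather than a proof.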
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install permission-manifest-guard
- After installation, invoke the skill by name or use /permission-manifest-guard
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Fix README.md read-only inconsistency: document that CLI writes permission-manifest.json into the target directory, programmatic API is pure
v0.1.0
Initial release: static analysis of OpenClaw skill directories, permission manifest generation, disposition recommendations
Frequently Asked Questions
What is Permission Manifest Guard?
Inspects an OpenClaw skill directory before install or execution, translates declared and observed requirements into a human-readable permission manifest, an... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.
How do I install Permission Manifest Guard?
Run "/install permission-manifest-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Permission Manifest Guard free?
Yes, Permission Manifest Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Permission Manifest Guard support?
Permission Manifest Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Permission Manifest Guard?
It is built and maintained by honouralexwill (@honouralexwill); the current version is v0.1.1.