Downloads: 111
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install sidclaw-governance
Description
Add policy evaluation, human approval, and audit trails to any tool. Powered by SidClaw.
Usage Guidance
This skill is coherent for its stated purpose but is high-impact: it routes all tool calls through a third-party proxy. Before installing:
1) Verify SidClaw's identity and trustworthiness (check the official GitHub repo, npm package @sidclaw/sdk, and docs).
2) Back up ~/.openclaw/openclaw.json before making changes.
3) Confirm precisely which env vars are actually required (README mentions SIDCLAW_UPSTREAM_CMD but the skill metadata does not) and avoid putting long-lived secrets in shared configs if you are unsure.
4) Prefer self-hosting or an enterprise deployment of the SidClaw proxy (or reviewing the @sidclaw/sdk code) if you need to keep data on-prem.
5) Test with non-sensitive tools/data first to confirm behavior.
If you want higher confidence, provide the skill's source code or the npm package/GitHub repo for review — seeing the @sidclaw/sdk code and release provenance would move this assessment toward 'benign.'
Capability Analysis
Type: OpenClaw Skill
Name: sidclaw-governance
Version: 1.0.0
The skill bundle provides instructions and configuration for 'SidClaw', a governance and policy enforcement layer for OpenClaw agents. It contains no executable code itself, instead providing a README.md for manual configuration of an MCP proxy (@sidclaw/sdk) and a SKILL.md that instructs the AI agent to strictly adhere to security policies, respect tool denials, and wait for human approval when required. The behavior is transparently documented and explicitly designed to enhance the security posture of the agent by preventing unauthorized tool execution.
Capability Assessment
Purpose & Capability
Name/description, required binaries (node), and required credentials (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) align with a governance/proxy service that evaluates tool calls. The declared primary credential (SIDCLAW_API_KEY) is appropriate for this purpose.
Instruction Scope
Runtime instructions tell the user to replace their MCP server config so every tool call is proxied through SidClaw. That is expected for a governance proxy, but it is high-impact: the proxy will see tool inputs/outputs and can block or delay actions. The SKILL.md does not instruct the agent to read unrelated files, but it does instruct editing ~/.openclaw/openclaw.json which affects agent-wide behavior.
Install Mechanism
This is an instruction-only skill (no install spec). The README and instructions rely on npx/@sidclaw/sdk at runtime (npx will fetch packages from npm). Fetching and executing packages via npx is a moderate-risk pattern (normal for JS tools but requires trusting the npm package and its publisher). No binary or archive downloads from unknown hosts are present in the skill itself.
Credentials
The two required env vars (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) are appropriate for a third-party governance service. However, the README lists additional required variables (e.g., SIDCLAW_UPSTREAM_CMD) that are not declared in the skill metadata — an inconsistency. Also, routing all tool traffic to an external API means the API key grants broad access to tool call metadata and possibly payloads; that is expected but high-privilege.
Persistence & Privilege
The skill does not set always:true and does not auto-run, which is correct. However, it explicitly asks the user to change the agent-wide MCP configuration (~/.openclaw/openclaw.json) so all tools are proxied. This is a cross-cutting change that affects every tool and therefore raises privilege/impact concerns if you do not fully trust the SidClaw service or SDK.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sidclaw-governance
- After installation, invoke the skill by name or use /sidclaw-governance
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Add policy evaluation, human approval, and audit trails to any MCP server tool. Powered by SidClaw.
Frequently Asked Questions
What is SidClaw Governance?
Add policy evaluation, human approval, and audit trails to any tool. Powered by SidClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.
How do I install SidClaw Governance?
Run "/install sidclaw-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SidClaw Governance free?
Yes, SidClaw Governance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SidClaw Governance support?
SidClaw Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (macOS, Linux, Windows).
Who created SidClaw Governance?
It is built and maintained by VlPetrov (@vladuzh); the current version is v1.0.0.