Sovereign Project Guardian

by ryudi84 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
561 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install sovereign-project-guardian
Description
Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable f...
Usage Guidance
This skill is coherent and does what it claims: it inspects a repository and reports problems. Before running it, consider: (1) run it against a copy or non-sensitive checkout if your repo contains secrets you don't want processed; the skill will scan all files and could surface secrets in its report; (2) expect it to recommend or run local audit tools that may require network access or installed tooling; (3) only allow the agent access to repos you trust, and monitor any outbound network activity from the agent if you are concerned about sensitive data leaving your environment. If you prefer, run the checks locally (using the examples in EXAMPLES.md) rather than granting the agent direct repository access.
Capability Analysis
Type: OpenClaw Skill
Name: sovereign-project-guardian
Version: 1.0.0
The skill is designed to audit project health, including security vulnerabilities like hardcoded secrets and insecure dependencies. While its intent is benign, the `SKILL.md` instructs the AI agent to 'recommend running `npm audit`, `pip-audit`, `govulncheck`, `cargo audit`'. An agent might interpret this as an instruction to execute these external commands. If the agent's execution environment lacks robust input sanitization or sandboxing when running such commands, it could introduce a shell injection vulnerability, allowing for arbitrary command execution. This represents a significant vulnerability risk, classifying it as suspicious rather than benign, despite the lack of clear malicious intent for data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md describes repository discovery and a set of checks (security, quality, docs, CI/CD) and all required checks act on repository files and metadata. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions direct the agent to scan the entire repository (files, manifests, .git history, .gitignore) and to run or recommend dependency-audit tools (npm audit, pip-audit, govulncheck, cargo audit). This is appropriate for a project auditor, but it means the skill will process all file contents (including any secrets committed). It does not instruct the agent to read unrelated system files or transmit results to unknown external endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. Lowest-risk installation footprint; no downloads, no brew/npm installs specified by the skill itself.
Credentials
The skill requires no environment variables or credentials. Any commands it recommends (e.g., npm audit) may require network access or installed tooling, but that is proportional to its auditing purpose.
Persistence & Privilege
always:false and no special config changes requested. The skill does not request permanent presence or modify other skills' configuration. Autonomous invocation is enabled by platform default but is not combined with other risky privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sovereign-project-guardian
  3. After installation, invoke the skill by name or use /sovereign-project-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Sovereign Project Guardian v1.0.0 – Initial release
- Introduces automated enforcement of project best practices for security, quality, documentation, CI/CD, and dependencies.
- Audits repositories for secrets, dependency security, testing, linting, type safety, and documentation standards.
- Assigns a letter grade (A–F) based on systematic checks with prioritized, actionable fixes.
- Security issues take highest priority and automatically limit the possible grade.
- Designed to help developers maintain high project health and address critical issues early.
Metadata
Slug sovereign-project-guardian
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Sovereign Project Guardian?

Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable f... It is an AI Agent Skill for Claude Code / OpenClaw, with 561 downloads so far.

How do I install Sovereign Project Guardian?

Run "/install sovereign-project-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sovereign Project Guardian free?

Yes, Sovereign Project Guardian is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sovereign Project Guardian support?

Sovereign Project Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sovereign Project Guardian?

It is built and maintained by ryudi84 (@ryudi84); the current version is v1.0.0.
