← Back to Skills Marketplace
271
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install 00-action-guard
Description
【最高优先级】操作守卫。任何工具调用前必须先完成权限检查!AI 在执行任何非日常对话的操作前,必须先调用 permission-gate 验证权限。
README (SKILL.md)
操作守卫(最高优先级)
⚠️ 核心规则
这是最高优先级的规则!任何工具调用前必须遵守!
执行流程(强制)
用户请求
↓
1. 判断是否需要权限检查?
- 日常对话(打招呼、闲聊、问天气)→ 直接执行
- 其他任何操作 → 继续
↓
2. 调用 permission-gate 检查权限
↓
3. 检查结果
- allowed=True → 执行操作
- allowed=False → 拒绝并说明原因
需要检查的操作
| 操作类型 | 示例 | 是否需要检查 |
|---|---|---|
| 执行 Skill | "帮我创建文档" | ✅ 必须检查 |
| 工具调用 | 调用任何 tool | ✅ 必须检查 |
| 敏感查询 | 查询手机号、邮箱 | ✅ 必须检查 |
| 写操作 | 创建/修改/删除文件 | ✅ 必须检查 |
| 跨渠道 | 发消息到其他平台 | ✅ 必须检查 |
| 日常对话 | "你好"、"今天天气" | ❌ 不需要 |
禁止行为
- ❌ 禁止直接执行任何工具调用而不检查权限
- ❌ 禁止跳过 permission-gate
- ❌ 禁止在权限检查前执行操作
正确示例
用户说: "帮我创建一个飞书文档"
✅ 1. 判断:需要权限检查(创建文档)
✅ 2. 调用 permission-gate
✅ 3. 检查结果:allowed=True
✅ 4. 执行 feishu_doc.create
错误示例
用户说: "帮我创建一个飞书文档"
❌ 1. 直接调用 feishu_doc.create
❌ 2. 跳过 permission-gate
注意事项
- 必须先判断 — 先判断是否需要权限检查,再决定是否调用 permission-gate
- 必须等待结果 — 调用 permission-gate 后必须等待返回结果
- 根据结果行动 — 只有 allowed=True 才能继续执行
Usage Guidance
This skill is a policy guard that mandates calling a 'permission-gate' before any non-routine action. That goal is reasonable, but before installing you should: 1) Ask the publisher to explain what 'permission-gate' is (a local skill, an internal API, or an external service) and where calls go; 2) Verify any endpoints, required credentials, and data sent during permission checks — the SKILL.md does not declare them; 3) Consider the risk of always:true: the skill will be active for every agent run and could intercept or block actions — only enable it if you trust the skill's owner and can audit its behavior; 4) If possible, test in a restricted environment first and confirm the agent actually uses a trusted permission-gate implementation rather than an external/untrusted service. If you cannot obtain clear answers about the permission-gate interface and data handling, treat this skill as potentially risky.
Capability Analysis
Type: OpenClaw Skill
Name: 00-action-guard
Version: 1.0.0
The skill bundle '00-action-guard' defines a mandatory security policy for the OpenClaw agent, requiring it to call a 'permission-gate' tool before executing any sensitive operations or tool calls. It uses the 'always: true' metadata in SKILL.md to ensure this check is prioritized. The logic is focused on implementing a permission-based workflow and lacks any indicators of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
Name and description match the instructions: the skill is an action guard that requires permission checks before non-routine operations. It asks for no credentials or installs, which is reasonable for a policy-first, instruction-only guard. However, the SKILL.md refers to calling a 'permission-gate' without specifying what that is (another skill, an API endpoint, or an internal procedure), which leaves an implementation gap.
Instruction Scope
Instructions are narrowly scoped to intercepting tool/skill calls and requiring a permission check result before proceeding. They do not reference reading files, env vars, or external endpoints explicitly, which is good. But because the guard mandates calling a separate 'permission-gate' without defining how to call it or what data is passed, the runtime behavior is ambiguous: an agent could call an external service (risking data exposure) or a locally installed policy skill (less risky).
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal disk/installation risk.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a policy wrapper. However, because it requires a 'permission-gate' call, any real permission gate might need credentials or endpoints; those are not declared here, creating a mismatch between expected runtime dependencies and declared requirements.
Persistence & Privilege
The skill is published with always:true, meaning it will be force-included in every agent run. That is a significant privilege. While a guard may legitimately want high priority, always:true combined with the missing definition of where permission checks are sent raises the risk that this skill could intercept or influence every operation. The metadata justification in SKILL.md ('highest priority') is semantic but not a technical explanation of why always:true is required.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install 00-action-guard - After installation, invoke the skill by name or use
/00-action-guard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of 00-action-guard skill for highest-priority operation permission checks.
- Enforces mandatory permission-gate validation before any non-chat/tool/action (except daily conversation).
- Clearly defines which actions require permission, with operation flow and forbidden behaviors.
- Provides correct and incorrect usage examples for clarity.
- Ensures all users and systems follow a strict permission check protocol before tool or skill invocation.
Metadata
Frequently Asked Questions
What is 00 Action Guard?
【最高优先级】操作守卫。任何工具调用前必须先完成权限检查!AI 在执行任何非日常对话的操作前,必须先调用 permission-gate 验证权限。 It is an AI Agent Skill for Claude Code / OpenClaw, with 271 downloads so far.
How do I install 00 Action Guard?
Run "/install 00-action-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 00 Action Guard free?
Yes, 00 Action Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 00 Action Guard support?
00 Action Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 00 Action Guard?
It is built and maintained by rancho718 (@rancho718); the current version is v1.0.0.
More Skills