← Back to Skills Marketplace
codekungfu

Authz

by ClawKK · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
145
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install authz
Description
Permissions, roles, policies, and enforcement points. Use when designing RBAC/ABAC or fixing authZ holes.
README (SKILL.md)

AuthZ

Structured guidance for authorization (RBAC, ABAC, policy enforcement): confirm triggers, propose the stages below, and adapt if the user wants a lighter pass.

When to Offer This Workflow

Trigger conditions:

  • User mentions authorization, authZ, permissions, or closely related work
  • They want a structured workflow rather than ad-hoc tips
  • They are preparing a review, rollout, or stakeholder communication

Initial offer: Explain the four stages briefly and ask whether to follow this workflow or work freeform. If they decline, continue in their preferred style.

Workflow Stages

Stage 1: Clarify context & goals

Anchor on model: RBAC/ABAC/ReBAC. Ask what success looks like, constraints, and what must not break. Capture unknowns early.

Stage 2: Design or plan the approach

Translate goals into a concrete plan around policy enforcement points. Compare alternatives and explicit trade-offs; avoid implicit assumptions.

Stage 3: Implement, validate, and harden

Execute with verification loops tied to auditing and admin paths. Prefer small steps, measurable checks, and rollback points where risk is high.

Stage 4: Operate, communicate, and iterate

Close the loop with testing negative cases: monitoring, documentation, stakeholder updates, and lessons learned for the next cycle.

Checklist Before Completion

  • Goals and constraints are explicit for authZ
  • Risks and trade-offs are stated, not hand-waved
  • Verification steps match the change’s impact (tests, canary, peer review)
  • Operational follow-through is covered (monitoring, docs, owners)

Tips for Effective Guidance

  • Be procedural: stage-by-stage, with clear exit criteria
  • Ask for missing context (environment, scale, deadlines) before prescribing
  • Prefer checklists and concrete examples over generic platitudes
  • If the user declines the workflow, switch to freeform help without lecturing

Handling Deviations

  • If the user wants to skip a stage: confirm and continue with what they need.
  • If context is missing: ask targeted questions before strong recommendations.
  • Prefer concrete examples, trade-offs, and verification steps over generic advice.

Quality Bar

  • Each recommendation should be actionable (what to do next).
  • Call out failure modes relevant to authorization (security, scale, UX, or ops).
  • Keep tone direct and respectful of the user’s time.
Usage Guidance
This skill is a high-level, procedural advisor for authorization design and remediation and appears internally consistent. Because it is instruction-only, it cannot access files or secrets on its own — its value comes from the recommendations it produces. Before installing or relying on its output, consider: (1) whether you need concrete code/config examples for your platform (this skill is intentionally generic), (2) have a domain expert review any policy changes it recommends before applying them, and (3) if you want the agent to operate on live systems, prefer a skill that explicitly declares the required credentials and installation steps so you can evaluate their scope.
Capability Analysis
Type: OpenClaw Skill Name: authz Version: 1.0.0 The 'authz' skill bundle is a purely instructional framework designed to guide an AI agent through a structured workflow for authorization tasks (RBAC/ABAC). It contains no executable code, scripts, or network requests, and its instructions in SKILL.md are entirely aligned with its stated purpose of providing architectural guidance and policy enforcement planning.
Capability Assessment
Purpose & Capability
Name/description match the content: the skill provides a structured 4-stage workflow for authorization design and remediation. It requests no binaries, secrets, or system access that would be unrelated to its stated purpose.
Instruction Scope
SKILL.md contains only procedural guidance (questions to ask, stages, checklists). It does not instruct reading files, accessing environment variables, running shell commands, or sending data to external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk because nothing will be written to disk or downloaded.
Credentials
No required environment variables, credentials, or config paths are declared or referenced in the instructions; asked capabilities are proportional to a documentation/advisory skill.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges or modifications to other skills; autonomous invocation (default) is present but not combined with other red flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install authz
  3. After installation, invoke the skill by name or use /authz
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Provides structured, stage-by-stage guidance for authorization design and fixes. - Introduces a four-stage workflow (clarify goals, design, implement, operate) for RBAC/ABAC projects. - Includes checklist and prompts to ensure explicit goals, risk management, and operational follow-through. - Adapts to user preference for either structured guidance or freeform help. - Emphasizes actionable steps, concrete examples, and clear exit criteria for each stage. - Recommends asking for missing context and handling deviations without lecturing.
Metadata
Slug authz
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Authz?

Permissions, roles, policies, and enforcement points. Use when designing RBAC/ABAC or fixing authZ holes. It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.

How do I install Authz?

Run "/install authz" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Authz free?

Yes, Authz is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Authz support?

Authz is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Authz?

It is built and maintained by ClawKK (@codekungfu); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments