Downloads: 757
Stars: 0
Active Installs: 0
Versions: 4
Install in OpenClaw
/install symbiont
Description
Zero-trust AI agent governance for OpenClaw. Adds ORGA runtime, Cedar policy enforcement, SchemaPin tool verification, ClawHavoc skill scanning, and cryptogr...
Usage Guidance
This package appears to be internally consistent with its governance purpose, but before installing: (1) verify the Homebrew tap/formula (thirdkeyai/tap) and review its source (brew formula may pull code), (2) inspect the scripts yourself — they are simple shell scanners and a policy guard that write local audit logs (.symbiont/audit/tool-usage.jsonl) and do not exfiltrate data, (3) ensure jq is present as declared, and (4) if you plan to use it in production or on sensitive hosts, run the scanner (clawhavoc-scan.sh) and review the symbi binary source or use a vetted release (e.g., GitHub releases or a container) before giving it any elevated privileges.
Capability Analysis
Type: OpenClaw Skill
Name: symbiont
Version: 1.1.0
The 'symbiont' skill bundle is a security governance framework for OpenClaw agents, providing tools for policy enforcement, audit logging, and malicious skill scanning. It includes 'clawhavoc-scan.sh', a defensive script that uses regex patterns to detect over 40 types of malicious behavior (e.g., reverse shells, credential theft), and 'policy-guard.sh', which implements a deny-list to block dangerous commands and access to sensitive paths like ~/.ssh or .env. The instructions in SKILL.md and SOUL-symbiont.md are explicitly designed to harden the agent's security posture and ensure compliance with zero-trust principles, with no evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description (zero‑trust governance, Cedar, SchemaPin, ClawHavoc) match the included artifacts: SKILL.md describes governance workflows and the repo includes a scanner (clawhavoc-scan.sh), a policy guard (policy-guard.sh), references to SchemaPin and Cedar, and a Homebrew install of the symbi runtime. Nothing in the manifest asks for unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md instructions focus on scaffolding governance files, writing/validating Cedar policies, verifying MCP tools via symbi if available, scanning skills locally, and querying local audit logs. The included scripts operate on local files and produce local JSONL audit entries; they do not contact external endpoints or instruct the agent to read unrelated system secrets.
Install Mechanism
Install uses a Homebrew formula (symbi) from a third‑party tap (thirdkeyai/tap). This is proportionate to the skill's stated need for the symbi runtime, but third‑party Homebrew taps are a moderate trust surface — users should validate the tap/formula source before installing on sensitive systems.
Credentials
The skill requires only jq (declared) and no environment variables or credentials. Scripts intentionally check for and avoid accessing deny-listed paths (.env, .ssh, .aws, etc.) and log to a local .symbiont/audit directory. There are no unexplained SECRET/TOKEN/PASSWORD requirements.
Persistence & Privilege
The skill does not request always:true, does not change other skills' configs, and only writes its own .symbiont/ scaffold and audit logs in the working directory. Autonomous invocation is allowed (platform default) but is not combined with broad, unexplained privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install symbiont
- After installation, invoke the skill by name or use /symbiont
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Complete rewrite. Now delivers the full Symbiont governance stack for OpenClaw, matching capabilities of symbi-claude-code and symbi-gemini-cli.
- Three governance tiers: Awareness (audit logging), Protection (deny list), Governance (Cedar policies)
- ClawHavoc skill scanner with 40+ detection rules across 10 attack categories
- Cedar policy creation, editing, and validation
- SchemaPin MCP tool schema verification (ECDSA P-256, TOFU pinning)
- Symbiont DSL agent definition authoring and validation
- Cryptographic audit trails (JSONL)
- Dual-mode architecture: standalone (Mode A) and ORGA-managed (Mode B)
- Agent personas: symbi-governor (default), symbi-dev (DSL specialist)
- Cross-compatible .symbiont/local-policy.toml (works with Claude Code and Gemini CLI plugins)
- Reference docs for Cedar patterns and DSL syntax
- Companion SOUL.md on onlycrabs.ai
v1.0.2
Key updates from v1.4.0 → v1.5.0:
- Description: Added ORGA reasoning loop, Cedar policy authorization, knowledge bridge
- What Makes Symbiont Unique: Added 4 new bullet points (ORGA, Cedar, Knowledge Bridge, Durable Journal); updated crypto verification to mention AgentPin
- New section: Agentic Reasoning Loop — covers minimal loop setup, typestate phase transitions, all 7 journal event types, Cedar policy gate with entity type mapping, and knowledge bridge integration
- Documentation links: Added reasoning-loop.md and security-model.md, removed stale tool_review_workflow.md link
v1.0.1
- Updated documentation links in the introduction to point to the official GitHub resources for the DSL Guide, DSL Specification, and Example Agents.
- No code or functional changes in this version.
v1.0.0
Symbiont skill version 1.0.0 initial release.
- Comprehensive AI agent development guide covering the Symbiont DSL, runtime, and security model.
- Quick start templates for common agent types: data processing, API integration, security scanning, and multi-agent orchestration.
- Policy-as-code examples with zero-trust security, HIPAA/SOC2/GDPR compliance patterns, and capability-scoped permissions.
- Sandbox tier selection guide: Docker, gVisor, and Firecracker isolation levels with resource limits.
- DSL cheatsheet covering agent definitions, policy blocks, scheduling, memory, webhooks, and channel adapters.
- Integration patterns for SchemaPin tool verification, AgentPin identity, persistent memory (v1.4.0), and webhook signature verification (v1.4.0).
- Full changelog from v0.1.1 through v1.4.0 included.
Frequently Asked Questions
What is Symbiont?
Zero-trust AI agent governance for OpenClaw. Adds ORGA runtime, Cedar policy enforcement, SchemaPin tool verification, ClawHavoc skill scanning, and cryptogr... It is an AI Agent Skill for Claude Code / OpenClaw, with 757 downloads so far.
How do I install Symbiont?
Run "/install symbiont" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Symbiont free?
Yes, Symbiont is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Symbiont support?
Symbiont is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Symbiont?
It is built and maintained by Jascha (@jaschadub); the current version is v1.1.0.