← 返回 Skills 市场
Agent Governance Assistant
作者
lingfeng-19
· GitHub ↗
· v4.0.0
· MIT-0
99
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install agent-gov
功能描述
UPDATED 2026: Covers China AI Agent governance regulations (generative AI regulations), MCP protocol governance implications, and enterprise AI audit framewo...
使用说明 (SKILL.md)
\r \r
Agent Governance Assistant\r
\r
Overview\r
\r A comprehensive AI-powered framework for governing enterprise AI agents — from audit trails and policy enforcement to regulatory compliance and risk reporting. As enterprise AI agents (Microsoft Agent 365, Copilot Studio, custom agents) proliferate, governance has become the #1 blocker to adoption. This skill bridges the gap between AI capability and enterprise control.\r \r
Title\r
\r Enterprise AI Agent Governance Framework — Audit · Secure · Comply\r \r
Triggers\r
\r
- "agent governance" / "AI agent管理" / "代理治理"\r
- "enterprise AI compliance" / "企业AI合规"\r
- "shadow AI detection" / "影子AI排查"\r
- "AI policy enforcement" / "AI策略执行"\r
- "agent audit trail" / "代理审计日志"\r
- "Microsoft Agent 365 governance" / "Agent 365治理"\r
- "AI risk report" / "AI风险报告"\r
- "Copilot Studio compliance" / "Copilot合规"\r
- "China AI regulation" / "中国AI监管"\r
- "CBIRC AI guidance" / "银保监会AI指引"\r \r ---\r \r
0. 2026 企业AI Agent治理最新趋势\r
\r | 时间 | 动态 | 治理含义 |\r |------|------|---------|\r | 2025年7月 | 中国《生成式人工智能服务管理暂行办法》正式施行 | AI Agent服务纳入互联网信息服务管理,算法备案要求扩展至Agent |\r | 2025年11月 | MCP协议移交Linux Foundation | AI Agent工具集成标准化带来新的审计盲点,需纳入治理范围 |\r | 2026年1月 | NFRA召开2026年监管工作会议,AI治理列为重点 | 金融行业AI Agent应用监管框架加速制定 |\r | 2026年 | Microsoft Agent 365/Copilot Studio企业大规模部署 | Agent行为审计、数据隔离、权限管控成为合规核心 |\r | 2026年 | 影子AI检测升级:从API监控到行为分析 | 传统DLP监控不足,需引入UEBA(用户实体行为分析)技术 |\r \r
2026年核心治理挑战: 企业AI Agent数量激增(从10个→100+),传统Agent Inventory已无法满足监管要求。建议采用"零信任Agent架构"——每个Agent独立身份认证、最小权限、数据隔离、完整审计日志。\r \r ---\r \r
Workflow\r
\r
Phase 1 — Agent Inventory Discovery\r
\r Step 1.1: Scan for Active AI Agents\r \r Generate a structured inventory of all AI agents in the enterprise environment.\r \r Input required:\r
- List of known AI platforms in use (e.g., Microsoft 365 Copilot, Salesforce Einstein, custom LangChain agents, RPA bots)\r
- Department ownership mapping\r
- API endpoints or integration points\r \r Output: Agent Inventory Table\r \r | Agent ID | Platform | Owner | Department | Capabilities | Data Access Level | Last Active |\r |----------|----------|-------|------------|--------------|-------------------|------------|\r | AG-001 | Microsoft Agent 365 | IT Admin | Finance | Email drafting, meeting prep | Full mailbox | 2026-05-07 |\r \r Step 1.2: Classify Agent Risk Level\r \r Assign risk tier (Low / Medium / High / Critical) based on:\r
- Data sensitivity (PII, financial, health, IP)\r
- External interaction (internet, customers, third parties)\r
- Autonomy level (advisory only → full automation)\r
- Regulatory exposure (CBIRC, CFCA, personal information protection)\r \r Risk Classification Matrix:\r \r | Tier | Criteria | Example | Audit Frequency |\r |------|----------|---------|----------------|\r | Critical | Customer-facing + financial data + high autonomy | AI underwriting agent | Weekly |\r | High | Internal + sensitive data + medium autonomy | AI claims processor | Monthly |\r | Medium | Internal + general data + advisory only | AI meeting summarizer | Quarterly |\r | Low | Internal + no sensitive data | AI email categorizer | Bi-annual |\r \r ---\r \r
Phase 2 — Policy Framework Design\r
\r Step 2.1: Define Governance Policies\r \r Generate tailored governance policies based on enterprise type and regulatory context.\r \r For China Financial Institutions (CBIRC/CFCA):\r
POLICY: CFCA-AI-001 — Agent Data Minimization\r
All AI agents must process only minimum necessary personal data.\r
Agents cannot retain PII beyond the transaction completion window.\r
Annual data audit required.\r
\r
POLICY: CBIRC-AI-007 — Model Transparency\r
All AI-assisted decisions in underwriting/claims must provide\r
human-override capability and explainability documentation.\r
\r
POLICY: AI-ENTERPRISE-003 — Agent Registration\r
All production AI agents must be registered in the Enterprise\r
Agent Registry with documented purpose, data scope, and owner.\r
Unregistered agents are prohibited from accessing customer data.\r
```\r
\r
**Step 2.2: Policy Compliance Checker**\r
\r
For each registered agent, evaluate against all applicable policies.\r
\r
**Input:** Agent inventory + policy list\r
**Output:** Compliance gap matrix with severity scores\r
\r
---\r
\r
### Phase 3 — Shadow AI Detection\r
\r
**Step 3.1: Identify Unauthorized Agent Usage**\r
\r
Scan for signs of shadow AI — employees using personal AI tools on corporate data.\r
\r
**Detection indicators:**\r
- Third-party AI API calls from corporate networks (non-approved domains)\r
- AI tool usage logs in DLP (Data Loss Prevention) systems\r
- Browser extensions accessing corporate APIs\r
- Unsanctioned Zapier/Make/n8n workflows connecting to company data\r
\r
**Output:** Shadow AI Exposure Report\r
\r
| Finding | Risk Level | Data at Risk | Recommended Action |\r
|---------|-----------|-------------|-------------------|\r
| Employee using free ChatGPT API for customer email drafting | CRITICAL | Customer PII + contract terms | Immediate block + compliance training |\r
| Unsanctioned n8n workflow syncing CRM to personal AI tool | HIGH | Contact data + deal values | Replace with approved integration |\r
\r
---\r
\r
### Phase 4 — Audit Trail & Reporting\r
\r
**Step 4.1: Generate Governance Audit Report**\r
\r
Produce a structured audit report for internal risk committees and external regulators.\r
\r
**Report Sections:**\r
1. Executive Summary (1 page)\r
2. Agent Inventory & Risk Classification\r
3. Policy Compliance Scorecard\r
4. Shadow AI Findings\r
5. Open Risks & Remediation Roadmap\r
6. Appendix: Agent Decision Logs (sample)\r
\r
**Step 4.2: Generate Regulatory Filing**\r
\r
Format findings as a CBIRC/CFCA-compliant governance disclosure.\r
\r
---\r
\r
## Input / Output Examples\r
\r
### Example 1: Enterprise Agent Audit\r
\r
**Input:**\r
```\r
We have 12 AI agents across Finance, Claims, and Sales departments.\r
Recent CBIRC guidance requires quarterly AI governance reporting.\r
We discovered 3 employees using personal AI tools for work tasks.\r
```\r
\r
**Output:**\r
```\r
## Phase 1: Agent Inventory\r
[Structured table of 12 agents with risk tiers]\r
\r
## Phase 2: Policy Gap Analysis\r
- 4 agents non-compliant with CFCA-AI-001 (data minimization)\r
- 2 agents lack human-override capability (CBIRC-AI-007)\r
- 6 agents unregistered (AI-ENTERPRISE-003 violation)\r
\r
## Phase 3: Shadow AI Findings\r
[Shadow AI report with 3 findings]\r
\r
## Phase 4: Compliance Score — 58/100\r
Recommended actions prioritized by risk.\r
\r
## Report ready for CBIRC Q2 submission.\r
```\r
\r
### Example 2: Microsoft Agent 365 Governance Setup\r
\r
**Input:**\r
```\r
We are deploying Microsoft Agent 365 across 200 users.\r
IT needs to configure governance controls before go-live.\r
Finance and Claims departments need different permission levels.\r
```\r
\r
**Output:**\r
```\r
## Agent 365 Governance Configuration\r
\r
### Recommended Permission Matrix\r
| Department | Agent Capabilities | Data Scope | Human-in-Loop | Audit Level |\r
|------------|-------------------|------------|---------------|-------------|\r
| Finance | Report generation, variance analysis | Financial data only | Required for >¥100K | Full |\r
| Claims | Document review, fraud flag | Claims data | Required for >¥10K | Full |\r
| Sales | Lead scoring, email drafting | CRM data | Advisory only | Standard |\r
\r
### Governance Policies to Enable\r
1. Data Loss Prevention (DLP) rules for PII in agent prompts\r
2. Agent activity logging to Sentinel/Log Analytics\r
3. Approval workflows for high-stakes agent actions\r
4. Monthly governance review dashboard\r
\r
### Shadow AI Pre-emption\r
Block list: [personal-ai-tool-1.com, ai-tool-free.xyz]\r
Allow list: [Copilot, Agent 365, approved-vendor-ai.com]\r
```\r
\r
---\r
\r
## Notes & Best Practices\r
\r
1. **Start with inventory before policy.** You cannot govern what you cannot see.\r
2. **China-specific:** For CBIRC/CFCA regulated entities, always include PIPL (个人信息保护法) compliance in the policy framework. Agents processing insurance claims data are subject to strict data minimization requirements.\r
3. **Human-in-the-loop is non-negotiable** for any agent making or materially influencing financial decisions.\r
4. **Shadow AI is the #1 undetected risk** — prioritize network-level API monitoring.\r
5. **Update agent registry quarterly** — AI agent proliferation is fast; stale inventories create blind spots.\r
6. **Leverage Microsoft Purview** for data classification feeding into agent governance policies.\r
7. **Regulatory alignment:** Check current CBIRC AI guidance, CFCA fintech guidelines, and the generative AI regulation framework when generating policies.\r
\r
---\r
\r
*Author: @gechengling | Skill: agent-governance-assistant | clawhub.ai/gechengling/agent-governance-assistant*\r
安全使用建议
Treat this as an inconclusive low-confidence review, because the local sandbox failed when attempting to read the supplied metadata and artifact directory.
能力评估
Purpose & Capability
Artifact coherence could not be assessed because local read commands failed before metadata.json or artifact files could be inspected.
Instruction Scope
Runtime instructions could not be reviewed; no artifact-backed instruction-scope concern is available.
Install Mechanism
Install specifications could not be inspected; no artifact-backed install concern is available.
Credentials
Environment access and proportionality could not be assessed from artifacts in this run.
Persistence & Privilege
Persistence and privilege behavior could not be assessed from artifacts in this run.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agent-gov - 安装完成后,直接呼叫该 Skill 的名称或使用
/agent-gov触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.0.0
Major update expanding coverage to 2026 China AI governance, financial regulations, and advanced agent audit workflows:
- Updated for 2026 trends: Includes China’s generative AI regulations, MCP protocol governance, and latest shadow AI detection advances.
- Comprehensive enterprise workflow: Structured, multi-phase audit and compliance process from agent inventory to regulatory filing.
- Specific triggers and keywords added for easy discovery in both English and Chinese.
- Detailed policy framework templates tailored for CBIRC/CFCA financial compliance.
- Shadow AI detection and reporting enhanced with new techniques and reporting formats.
- Expanded input/output examples for practical enterprise and financial institution scenarios.
元数据
常见问题
Agent Governance Assistant 是什么?
UPDATED 2026: Covers China AI Agent governance regulations (generative AI regulations), MCP protocol governance implications, and enterprise AI audit framewo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 99 次。
如何安装 Agent Governance Assistant?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-gov」即可一键安装,无需额外配置。
Agent Governance Assistant 是免费的吗?
是的,Agent Governance Assistant 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Agent Governance Assistant 支持哪些平台?
Agent Governance Assistant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Agent Governance Assistant?
由 lingfeng-19(@gechengling)开发并维护,当前版本 v4.0.0。
推荐 Skills