
Agent Guardrails

Author: olmmlo-cmd · GitHub · v1.0.0
Tags: cross-platform · ⚠ suspicious
Total downloads: 792 · Favorites: 0 · Current installs: 3 · Versions: 1
Install in OpenClaw: /install agent-guardrails

Description

Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B...

Usage (SKILL.md)

Agent Guardrails

Mechanical enforcement for AI agent project standards. Rules in markdown are suggestions. Code hooks are laws.

Quick Start

cd your-project/
bash /path/to/agent-guardrails/scripts/install.sh

This installs the git pre-commit hook, creates a registry template, and copies check scripts into your project.

Enforcement Hierarchy

  1. Code hooks (git pre-commit, pre/post-creation checks): 100% reliable
  2. Architectural constraints (registries, import enforcement): 95% reliable
  3. Self-verification loops (agent checks own work): 80% reliable
  4. Prompt rules (AGENTS.md, system prompts): 60-70% reliable
  5. Markdown rules: 40-50% reliable, degrades with context length

The percentages are the author's rough estimates, not measurements. One caveat on tier 1: a local pre-commit hook lives in .git/hooks, is not versioned with the repository, and is skipped entirely by git commit --no-verify, so a check that must never be bypassed also has to run server-side (a pre-receive hook) or in CI.

Tools Provided

Scripts

  • install.sh (run once per project): installs hooks and scaffolding.
  • pre-create-check.sh (run before creating new .py files): lists existing modules/functions to prevent reimplementation.
  • post-create-validate.sh (run after creating/editing .py files): detects duplicates, missing imports, and bypass patterns.
  • check-secrets.sh (run before commits or on demand): scans for hardcoded tokens, keys, and passwords.
  • create-deployment-check.sh (run when setting up deployment verification): creates .deployment-check.sh, a checklist, and a git hook template.
  • install-skill-feedback-loop.sh (run when setting up skill update automation): creates detection, auto-commit, and a git hook for skill updates.

Assets

  • pre-commit-hook: ready-to-install git hook blocking bypass patterns and secrets.
  • registry-template.py: template __init__.py for project module registries.

References

  • enforcement-research.md: research on why code beats prompts for enforcement.
  • agents-md-template.md: template AGENTS.md with mechanical enforcement rules.
  • deployment-verification-guide.md: full guide on preventing deployment gaps.
  • skill-update-feedback.md: meta-enforcement, the automatic skill update feedback loop.
  • SKILL_CN.md: Chinese translation of this document.

Usage Workflow

Setting up a new project

bash scripts/install.sh /path/to/project

Before creating any new .py file

bash scripts/pre-create-check.sh /path/to/project

Review the output. If existing functions cover your needs, import them.

After creating/editing a .py file

bash scripts/post-create-validate.sh /path/to/new_file.py

Fix any warnings before proceeding.

Setting up deployment verification

bash scripts/create-deployment-check.sh /path/to/project

This creates:

  • .deployment-check.sh - Automated verification script
  • DEPLOYMENT-CHECKLIST.md - Full deployment workflow
  • .git-hooks/pre-commit-deployment - Git hook template

Then customize:

  1. Add tests to .deployment-check.sh for your integration points
  2. Document your flow in DEPLOYMENT-CHECKLIST.md
  3. Install the git hook

See references/deployment-verification-guide.md for full guide.

Adding to AGENTS.md

Copy the template from references/agents-md-template.md and adapt to your project.

Chinese Documentation

See references/SKILL_CN.md for the full Chinese translation of this skill.

Common Agent Failure Modes

1. Reimplementation (Bypass Pattern)

Symptom: Agent creates a "quick version" instead of importing validated code.
Enforcement: pre-create-check.sh + post-create-validate.sh + git hook
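The check below is an added Python example of the reimplementation guard this failure mode and the pre-create-check.sh / post-create-validate.sh entries describe; it is not one of the skill's scripts. It assumes a hypothetical project registry (REGISTRY, mapping canonical function names to their owning module; the skill's registry-template.py is not reproduced here) and flags three things in a module: a function that redefines a registry name, a call to a registry function that was never imported, and a comment containing a bypass phrase such as "quick version". BYPASS_PHRASES and the two sample modules are constructed for the example.

```python
"""Registry-based reimplementation check for new or edited .py files.

Added example, not a script from the agent-guardrails bundle. REGISTRY,
BYPASS_PHRASES and the two sample modules are constructed for the example;
the skill's registry-template.py layout is not reproduced here.
"""
from __future__ import annotations

import ast
import io
import sys
import tokenize

# Constructed registry: canonical implementations that new code must import
# (name -> owning module) rather than write again.
REGISTRY = {
    "validate_email": "project.validation",
    "send_notification": "project.notify",
}

# Comment phrases that usually precede a bypass of the registry (constructed).
BYPASS_PHRASES = ("quick version", "temporary copy", "reimplement", "inline copy")


def _imported_names(tree: ast.AST) -> set[str]:
    """Every name an import statement binds in the module namespace."""
    names: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            names.update(a.asname or a.name for a in node.names)
        elif isinstance(node, ast.Import):
            names.update((a.asname or a.name).split(".")[0] for a in node.names)
    return names


def _bypass_comments(source: str) -> list[tuple[int, str]]:
    """(line, comment) for comments containing a bypass phrase. tokenize is
    used so a '#' inside a string literal is not mistaken for a comment."""
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and any(p in tok.string.lower() for p in BYPASS_PHRASES):
            hits.append((tok.start[0], tok.string.strip()))
    return hits


def check_module(source: str, registry: dict[str, str]) -> list[tuple[str, int, str]]:
    """Return (kind, line, message) findings for one module, ordered by line."""
    tree = ast.parse(source)
    imported = _imported_names(tree)
    defined = {n.name for n in ast.walk(tree)
               if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)) and node.name in registry:
            findings.append(("redefinition", node.lineno,
                             f"{node.name} already exists in {registry[node.name]}; import it"))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in registry
              and node.func.id not in imported and node.func.id not in defined):
            findings.append(("missing-import", node.lineno,
                             f"{node.func.id} is called but never imported from {registry[node.func.id]}"))
    for line, comment in _bypass_comments(source):
        findings.append(("bypass-pattern", line, f"suspicious comment: {comment}"))
    return sorted(findings, key=lambda f: f[1])


# Constructed samples: one module that bypasses the registry, one that uses it.
BAD_MODULE = '''\
import re

def validate_email(addr):  # quick version, avoids the validation module
    return "@" in addr

def main():
    if validate_email("a@b.c"):
        send_notification("ok")
'''

GOOD_MODULE = '''\
from project.validation import validate_email
from project.notify import send_notification

def main():
    if validate_email("a@b.c"):
        send_notification("ok")
'''


if __name__ == "__main__":
    # post-create-validate style use: python3 registry_check.py new_file.py
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for kind, line, msg in check_module(fh.read(), REGISTRY):
                print(f"{path}:{line}: [{kind}] {msg}")
                status = 1
    sys.exit(status)
```

Run over the staged .py files from a pre-commit hook, any finding should fail the commit; the agent's fix is to delete the local copy and import from the module named in the message. Attribute calls such as notify.send_notification(...) are deliberately not flagged, since they already imply the owning module was imported.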

2. Hardcoded Secrets

Symptom: Tokens/keys in code instead of environment variables.
Enforcement: check-secrets.sh + git hook
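As an added example of the secret detection that check-secrets.sh and the pre-commit asset perform (this is not the skill's own script and does not reproduce its rule set), the scanner below combines structured token patterns with a Shannon-entropy fallback for string literals the patterns miss, skips lines that read from the environment, and ignores obvious placeholders for the generic checks only. RULES, PLACEHOLDERS, the entropy threshold and the SAMPLE file contents are constructed for the example.

```python
"""Staged-file secret scan: pattern rules plus an entropy fallback.

Added example, not the skill's check-secrets.sh. RULES, PLACEHOLDERS and
SAMPLE are constructed; the token shapes are common ones (AWS access key ID,
GitHub token, PEM private key header, password/secret assignment) but do
not claim to match the skill's own rule set.
"""
from __future__ import annotations

import math
import re
import subprocess
import sys

RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded-password",
     re.compile(r"(?i)(?:password|passwd|secret|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]")),
]
# Fillers that look like secrets. Only the generic checks (hardcoded-password
# and the entropy fallback) honour this list; structured token rules always fire.
PLACEHOLDERS = ("changeme", "your-", "<your", "xxxx", "example")
STRING_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits per char; random hex is about 3.9, English prose about 3.0


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def scan_text(text: str) -> list[tuple[int, str, str]]:
    """Return (line, rule, excerpt) for every suspicious line in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "os.environ" in line or "getenv(" in line:
            continue  # reading from the environment is the pattern we want
        looks_placeholder = any(p in line.lower() for p in PLACEHOLDERS)
        matched = False
        for rule, pattern in RULES:
            if rule == "hardcoded-password" and looks_placeholder:
                continue
            if pattern.search(line):
                findings.append((lineno, rule, line.strip()))
                matched = True
        if matched or looks_placeholder:
            continue
        # Entropy fallback: only for lines no structured rule explained.
        for literal in STRING_LITERAL.findall(line):
            if shannon_entropy(literal) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high-entropy-string", line.strip()))
                break
    return findings


def staged_files() -> list[str]:
    """Paths git has staged for the next commit (added/copied/modified)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        capture_output=True, text=True, check=True).stdout
    return [p for p in out.splitlines() if p]


# Constructed sample of a file an agent might stage; nothing here is a real credential.
SAMPLE = """\
import os
AWS_KEY = "AKIA0123456789ABCDEF"
GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
db_password = "hunter2hunter2"
session_secret = "ghp_0123456789abcdefghijABCDEFGHIJklmnop"
placeholder = "changeme-changeme-please"
hmac_key = "f3a9c2e17b4d8e6a0c5b91d2e7f4a3b8"
key_pem = "-----BEGIN RSA PRIVATE KEY-----"
"""


if __name__ == "__main__":
    # From .git/hooks/pre-commit: python3 check_secrets.py || exit 1
    hits = []
    for path in staged_files():
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits += [(path, *f) for f in scan_text(fh.read())]
        except OSError:
            continue
    for path, line, rule, excerpt in hits:
        print(f"{path}:{line}: [{rule}] {excerpt}")
    sys.exit(1 if hits else 0)
```

Call it from .git/hooks/pre-commit so a hit blocks the commit, and run the same scan in CI because git commit --no-verify skips local hooks. The entropy fallback is what catches hmac_key in the sample, which no keyword rule names; it will also produce some noise on long hex identifiers, which is why environment reads and placeholders are excluded rather than the threshold being lowered.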

3. Deployment Gap

Symptom: Built the feature but forgot to wire it into production, so users don't receive the benefit. Example: notify.py was updated but cron still calls the old version.
Enforcement: .deployment-check.sh + git hook

This is the hardest to catch because:

  • Code runs fine when tested manually
  • Agent marks task "done" after writing code
  • Problem only surfaces when user complains

Solution: Mechanical end-to-end verification before allowing "done."
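The deployment gap in the notify.py example is mechanically checkable: every entry point the project says must run has to appear in an active scheduler entry, and every project path the scheduler references has to still exist. The Python below is an added example of such a check for a crontab; it is not the skill's generated .deployment-check.sh. The crontab text, the required entry points, the file tree and the /srv/app/ project root are constructed assumptions.

```python
"""Deployment-gap check: is every entry point actually wired into cron?

Added example, not the skill's generated .deployment-check.sh. The crontab
text, the required entry points and the file tree are constructed for the
example; /srv/app/ is an assumed project root.
"""
from __future__ import annotations

import os
import re
import shlex
import subprocess
import sys

# Constructed crontab: report.py is only present in a commented-out line and
# the notify job still points at a file that no longer exists.
CRONTAB = """\
SHELL=/bin/bash
PATH=/usr/local/bin:/usr/bin:/bin
# 0 * * * * /usr/bin/python3 /srv/app/scripts/report.py
*/5 * * * * /usr/bin/python3 /srv/app/scripts/notify_old.py >> /var/log/notify.log 2>&1
0 2 * * * /usr/bin/python3 /srv/app/scripts/backup.py
@daily /srv/app/scripts/rotate.sh
"""

PROJECT_ROOT = "/srv/app/"
REQUIRED_ENTRYPOINTS = {
    "/srv/app/scripts/notify.py",
    "/srv/app/scripts/report.py",
    "/srv/app/scripts/backup.py",
}
# Constructed stand-in for the checked-out tree (real use: os.path.exists).
EXISTING_FILES = {
    "/srv/app/scripts/notify.py",
    "/srv/app/scripts/report.py",
    "/srv/app/scripts/backup.py",
    "/srv/app/scripts/rotate.sh",
}

# Anything after a redirection, pipe or command separator is not an entry point.
REDIRECT_OR_CHAIN = re.compile(r"\s(?:\d?>{1,2}|<|\||&&|;)\s")


def parse_crontab(text: str) -> list[tuple[str, str]]:
    """(schedule, command) for active jobs. Comments and VAR=value lines are
    skipped; @daily-style schedules are supported."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            parts = line.split(None, 1)
        else:
            if "=" in line.split()[0]:
                continue  # environment assignment, not a job
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            parts = [" ".join(parts[:5]), parts[5]]
        if len(parts) == 2:
            jobs.append((parts[0], parts[1]))
    return jobs


def referenced_paths(command: str) -> set[str]:
    """Absolute paths the command runs or passes as arguments."""
    head = REDIRECT_OR_CHAIN.split(command, maxsplit=1)[0]
    return {tok for tok in shlex.split(head) if tok.startswith("/")}


def find_deployment_gaps(crontab: str, required: set[str], existing: set[str] | None,
                         project_root: str) -> dict[str, list[str]]:
    """unwired: required entry points no active job references.
    stale: project paths a job references that no longer exist."""
    wired, stale = set(), set()
    for _, command in parse_crontab(crontab):
        for path in referenced_paths(command):
            if not path.startswith(project_root):
                continue  # interpreters and system tools are out of scope
            wired.add(path)
            present = path in existing if existing is not None else os.path.exists(path)
            if not present:
                stale.add(path)
    return {"unwired": sorted(required - wired), "stale": sorted(stale)}


if __name__ == "__main__":
    # Real use: read the live crontab, check paths against the real tree,
    # and fail the commit/deploy gate if anything is unwired or stale.
    live = subprocess.run(["crontab", "-l"], capture_output=True, text=True).stdout
    gaps = find_deployment_gaps(live, REQUIRED_ENTRYPOINTS, None, PROJECT_ROOT)
    for kind, paths in gaps.items():
        for p in paths:
            print(f"{kind}: {p}")
    sys.exit(1 if any(gaps.values()) else 0)
```

In the sample, notify.py and report.py come back as unwired (report.py only appears in a commented-out line) and notify_old.py as stale; any non-empty result fails the check, which is the mechanical "done" gate this section asks for. The same shape applies to systemd timers or a CI schedule, with the parser swapped.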

4. Skill Update Gap (META - NEW)

Symptom: Built an enforcement improvement in a project but forgot to update the skill itself. Example: created deployment verification for Project A, but other projects don't benefit because the skill wasn't updated.
Enforcement: install-skill-feedback-loop.sh, which adds automatic detection plus a semi-automatic commit

This is a meta-failure mode because:

  • It's about enforcement improvements themselves
  • Without fix: improvements stay siloed
  • With fix: knowledge compounds automatically

Solution: Automatic detection of enforcement improvements with task creation and semi-automatic commits.

Key Principle

Don't add more markdown rules. Add mechanical enforcement. If an agent keeps bypassing a standard, don't write a stronger rule — write a hook that blocks it.

Corollary: If an agent keeps forgetting integration, don't remind it — make it mechanically verify before commit.

Safe-usage recommendations

What to check before installing:

  • Inspect the scripts locally before executing them: open scripts/install.sh, scripts/pre-create-check.sh, scripts/post-create-validate.sh, scripts/install-skill-feedback-loop.sh, and scripts/create-deployment-check.sh and confirm they do only the filesystem/git operations you expect. Look for any network calls (curl/wget) or hidden commands.
  • Back up your repository and commit state before installing hooks (git clone into a disposable test repo). Installing copies hooks into .git/hooks and may block commits until checks pass.
  • Pay special attention to the feedback-loop and publish helpers: the post-commit detection creates tasks, and the auto-commit/publish scripts can run git commit/push or clawdhub publish using local credentials. Do not run PUBLISH_NOW.sh or the auto-publish scripts unless you trust the repo and have reviewed them.
  • To trial the tool safely, install it into an isolated test repository, run the scripts manually, and verify their behavior (dry-run where possible) before deploying into production repos.
  • Metadata mismatch: SKILL.md indicates that bash and git are required, but the registry metadata lists no requirements. Treat this as a packaging oversight; ensure bash/git are available and that you understand the script effects.

If you are not comfortable reviewing shell scripts yourself, ask a colleague with ops/security experience to audit the scripts and confirm they won't push or publish artifacts unexpectedly.
Functional analysis
Type: OpenClaw Skill Name: agent-guardrails Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'agent-guardrails' is designed to enhance security and code quality by implementing mechanical enforcement mechanisms for AI agents. All scripts and documentation, including instructions for the AI agent in SKILL.md and other markdown files, consistently aim to make the agent more compliant with project standards and security best practices. The `check-secrets.sh` script actively scans for common vulnerabilities like hardcoded secrets and injection risks, acting as a security feature. The `install-skill-feedback-loop.sh` script's semi-automatic commit process includes explicit user confirmation, preventing unauthorized actions. No evidence of data exfiltration, unauthorized remote execution, persistence, or malicious prompt injection was found.
Capability assessment
Purpose & Capability
The skill's name/description (mechanical enforcement via git hooks, secret detection, deployment checks) aligns with the included scripts and documentation. However, registry metadata in the provided manifest lists no required binaries/env, while the SKILL.md and packaging claim bash and git are required — a minor metadata mismatch. All provided files (install.sh, pre/post-create checks, check-secrets.sh, deployment checks, feedback-loop scripts) are coherent with the enforcement purpose.
Instruction Scope
SKILL.md instructs installing scripts and git hooks into the user's project (copying files to the project, adding .git/hooks entries, creating .deployment-check.sh and .pending-skill-updates.txt). That is expected for a tool that enforces repository rules, but it means the skill will read and modify the repository state (file system, .git), and install hooks that will run on every commit. The feedback loop/post-commit detection will scan commit diffs for enforcement improvements and create tasks; the auto-commit flow can commit skill updates with human confirmation. These behaviors are within the described purpose but constitute persistent modification of project repositories — you should review the scripts before running them. There are no obvious hidden network exfiltration endpoints in SKILL.md, but publish/push utilities in scripts could use your local credentials to publish/push.
Install Mechanism
This is an instruction-only skill with included shell scripts; there is no download from an unknown URL or package-registry install. All code is present in the bundle, and installation is done by running the provided bash scripts. That is lower risk than remote downloads, but because the scripts execute locally, they must be inspected. A provided helper, PUBLISH_NOW.sh, runs 'clawdhub' commands and opens a browser for login; running it would interact with external services and should be done only if you trust the repo and the credentials involved.
Credentials
The skill declares no required environment variables in the registry metadata, consistent with the fact that it does not explicitly ask for tokens. SKILL.md and the other docs require git and bash, which is normal. However, some scripts (publish/publish-now and auto-commit) use local git credentials and the 'clawdhub' CLI if present, meaning the tool could push or publish with whatever repository or CLI credentials are available on the machine. No secrets are requested in the metadata, but the installed hooks scan for secrets and the feedback loop can create tasks referencing local commits. Confirm that you want hooks that can trigger git operations using your environment's credentials.
Persistence & Privilege
The skill installs persistent git hooks and scripts into a project (modifies .git/hooks, copies scripts, and creates persistent files such as .pending-skill-updates.txt). It also includes a feedback loop that can facilitate committing updates to the skill repository (semi-automatic commit script) and a publish helper that invokes 'clawdhub publish'. While these actions are described and typically include a confirmation step, they give the code a persistent presence in projects and the ability to make commits/publish actions using the host's credentials. This persistent ability to modify and (potentially) publish should be reviewed before granting trust.
How to use

  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Type the install command in the chat box: /install agent-guardrails
  3. After installation, call the skill by name or trigger it with /agent-guardrails.
  4. Provide the inputs described in the skill's parameter documentation to get structured output.
Version history

v1.0.0

agent-guardrails 1.1.0 introduces robust mechanical enforcement tools for AI agent project standards.

  • Adds automated git hooks and scripts for code, deployment, and secret enforcement.
  • Provides tools for secret detection, import registry creation, and deployment verification.
  • Introduces self-verification feedback loops and meta-enforcement for skill updates.
  • Supplies detailed documentation, templates, and workflow guides (English and Chinese).
  • Supports Claude Code, Clawdbot, Cursor, and any AI agent projects.
Metadata

Slug: agent-guardrails
Version: 1.0.0
License: (not listed)
Cumulative installs: 3
Current installs: 3
Historical versions: 1
FAQ

What is Agent Guardrails?

Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 792 cumulative downloads to date.

How do I install Agent Guardrails?

Run the command "/install agent-guardrails" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is Agent Guardrails free?

Yes, Agent Guardrails is completely free (open source) and can be freely downloaded, installed, and used.

Which platforms does Agent Guardrails support?

Agent Guardrails is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Agent Guardrails?

Developed and maintained by olmmlo-cmd (@olmmlo-cmd); the current version is v1.0.0.
