功能描述

Self-governance protocol for autonomous agents: WAL (Write-Ahead Log), VBR (Verify Before Reporting), ADL (Anti-Divergence Limit), and VFM (Value-For-Money)....

使用说明 (SKILL.md)

Agent Self-Governance

Name: agent-self-governance
Author: bowen31337

Five protocols that prevent agent failure modes: losing context, false completion claims, persona drift, wasteful spending, and infrastructure amnesia.

1. WAL (Write-Ahead Log)

Rule: Write before you respond. If something is worth remembering, WAL it first.

Trigger	Action Type	Example
User corrects you	`correction`	"No, use Podman not Docker"
Key decision	`decision`	"Using CogVideoX-2B for text-to-video"
Important analysis	`analysis`	"WAL patterns should be core infra not skills"
State change	`state_change`	"GPU server SSH key auth configured"

# Write before responding
python3 scripts/wal.py append \x3Cagent_id> correction "Use Podman not Docker"

# Working buffer (batch, flush before compaction)
python3 scripts/wal.py buffer-add \x3Cagent_id> decision "Some decision"
python3 scripts/wal.py flush-buffer \x3Cagent_id>

# Session start: replay lost context
python3 scripts/wal.py replay \x3Cagent_id>

# After incorporating a replayed entry
python3 scripts/wal.py mark-applied \x3Cagent_id> \x3Centry_id>

# Maintenance
python3 scripts/wal.py status \x3Cagent_id>
python3 scripts/wal.py prune \x3Cagent_id> --keep 50

Integration Points

Session start → replay to recover lost context
User correction → append BEFORE responding
Pre-compaction flush → flush-buffer then write daily memory
During conversation → buffer-add for less critical items

2. VBR (Verify Before Reporting)

Rule: Don't say "done" until verified. Run a check before claiming completion.

# Verify a file exists
python3 scripts/vbr.py check task123 file_exists /path/to/output.py

# Verify a file was recently modified
python3 scripts/vbr.py check task123 file_changed /path/to/file.go

# Verify a command succeeds
python3 scripts/vbr.py check task123 command "cd /tmp/repo && go test ./..."

# Verify git is pushed
python3 scripts/vbr.py check task123 git_pushed /tmp/repo

# Log verification result
python3 scripts/vbr.py log \x3Cagent_id> task123 true "All tests pass"

# View pass/fail stats
python3 scripts/vbr.py stats \x3Cagent_id>

When to VBR

After code changes → check command "go test ./..."
After file creation → check file_exists /path
After git push → check git_pushed /repo
After sub-agent task → verify the claimed output exists

3. ADL (Anti-Divergence Limit)

Rule: Stay true to your persona. Track behavioral drift from SOUL.md.

# Analyze a response for anti-patterns
python3 scripts/adl.py analyze "Great question! I'd be happy to help you with that!"

# Log a behavioral observation
python3 scripts/adl.py log \x3Cagent_id> anti_sycophancy "Used 'Great question!' in response"
python3 scripts/adl.py log \x3Cagent_id> persona_direct "Shipped fix without asking permission"

# Calculate divergence score (0=aligned, 1=fully drifted)
python3 scripts/adl.py score \x3Cagent_id>

# Check against threshold
python3 scripts/adl.py check \x3Cagent_id> --threshold 0.7

# Reset after recalibration
python3 scripts/adl.py reset \x3Cagent_id>

Anti-Patterns Tracked

Sycophancy — "Great question!", "I'd be happy to help!"
Passivity — "Would you like me to", "Shall I", "Let me know if"
Hedging — "I think maybe", "It might be possible"
Verbosity — Response length exceeding expected bounds

Persona Signals (Positive)

Direct — "Done", "Fixed", "Ship", "Built"
Opinionated — "I'd argue", "Better to", "The right call"
Action-oriented — "Spawning", "On it", "Kicking off"

4. VFM (Value-For-Money)

Rule: Track cost vs value. Don't burn premium tokens on budget tasks.

# Log a completed task with cost
python3 scripts/vfm.py log \x3Cagent_id> monitoring glm-4.7 37000 0.03 0.8

# Calculate VFM scores
python3 scripts/vfm.py score \x3Cagent_id>

# Cost breakdown by model and task
python3 scripts/vfm.py report \x3Cagent_id>

# Get optimization suggestions
python3 scripts/vfm.py suggest \x3Cagent_id>

Task → Tier Guidelines

Task Type	Recommended Tier	Models
Monitoring, formatting, summarization	Budget	GLM, DeepSeek, Haiku
Code generation, debugging, creative	Standard	Sonnet, Gemini Pro
Architecture, complex analysis	Premium	Opus, Sonnet+thinking

When to Check VFM

After spawning sub-agents → log cost and outcome
During heartbeat → run suggest for optimization tips
Weekly review → run report for cost breakdown

5. IKL (Infrastructure Knowledge Logging)

Rule: Log infrastructure facts immediately. When you discover hardware specs, service configs, or network topology, write it down BEFORE continuing.

Triggers

Discovery Type	Log To	Example
Hardware specs	TOOLS.md	"GPU server has 3 GPUs: RTX 3090 + 3080 + 2070 SUPER"
Service configs	TOOLS.md	"ComfyUI runs on port 8188, uses /data/ai-stack"
Network topology	TOOLS.md	"Pi at 192.168.99.25, GPU server at 10.0.0.44"
Credentials/auth	memory/encrypted/	"SSH key: ~/.ssh/id_ed25519_alexchen"
API endpoints	TOOLS.md or skill	"Moltbook API: POST /api/v1/posts"

Commands to Run on Discovery

# Hardware discovery
nvidia-smi --query-gpu=index,name,memory.total --format=csv
lscpu | grep -E "Model name|CPU\(s\)|Thread"
free -h
df -h

# Service discovery  
systemctl list-units --type=service --state=running
docker ps  # or podman ps
ss -tlnp | grep LISTEN

# Network discovery
ip addr show
cat /etc/hosts

The IKL Protocol

SSH to new server → Run hardware/service discovery commands
Before responding → Update TOOLS.md with specs
New service discovered → Log port, path, config location
Credentials obtained → Encrypt and store in memory/encrypted/

Anti-Pattern: "I'll Remember"

❌ "The GPU server has 3 GPUs" (only in conversation) ✅ "The GPU server has 3 GPUs" → Update TOOLS.md → then continue

Memory is limited. Files are permanent. IKL before you forget.

安全使用建议

This skill implements useful governance primitives, but review and harden it before use: - Sensitive-data storage: The scripts persist entries to files under your HOME (~/clawd/...). SKILL.md explicitly suggests logging infrastructure facts and credentials; those will be written in plaintext unless you change the code. If you plan to log any secrets (SSH keys, API tokens, etc.), modify the code to encrypt or avoid storing them, or disallow the agent from recording such values. - Arbitrary command execution: vbr.py implements checks by running shell commands (subprocess.run with shell=True). That is expected for verification tasks but lets the agent execute arbitrary host commands. Only enable this skill for agents you trust and consider running in a sandboxed environment, or change run_check to whitelist permitted checks/commands. - IKL mismatch: SKILL.md references IKL and encrypted storage, but no dedicated IKL script or encryption is provided. If you need encrypted infra logging, add explicit encryption and access controls. - File permissions & retention: Ensure the WAL/VBR/VFM directories have restrictive permissions (chmod 700) and consider a retention/prune policy so sensitive entries don't persist forever. - If you are unsure: run the scripts locally in a contained test environment first, audit or modify the code (remove credential-logging instructions, disable shell execution or add strict whitelists), and avoid giving the agent autonomous permission to invoke the skill until you are comfortable with the behavior.

功能分析

Type: OpenClaw Skill Name: agent-self-governance Version: 1.1.0 The skill bundle is suspicious primarily due to a critical shell injection vulnerability in `scripts/vbr.py`. The `check_command` and `check_git_pushed` functions use `subprocess.run(target, shell=True)` with unsanitized `target` input, allowing for arbitrary command execution if an attacker can control the input to these functions (e.g., via prompt injection to the agent). Additionally, `SKILL.md` instructs the agent to log sensitive infrastructure details and credentials (like SSH keys) into `TOOLS.md` or 'memory/encrypted/', which, while intended for internal use, presents a data handling risk if the storage mechanism is compromised or the agent is manipulated.

能力评估

✓ Purpose & Capability

Name/description (self-governance: WAL, VBR, ADL, VFM, IKL) align with the included scripts (wal.py, vbr.py, adl.py, vfm.py). The code implements logging, verification, divergence scoring, and cost-tracking — these are coherent with the stated purpose. Minor mismatch: SKILL.md emphasizes IKL (infrastructure/credential logging) but there is no dedicated IKL script; however, WAL/VBR can be used to record infrastructure facts, so functionality exists albeit indirectly.

⚠ Instruction Scope

SKILL.md instructs the agent to log infrastructure discoveries (including credentials/auth examples like SSH key paths) and to 'write before responding' — the wal/vbr scripts will persist arbitrary payloads to disk. VBR's verification implementation executes commands via subprocess.run(shell=True), meaning the skill will run arbitrary shell commands passed to it. The guidance to record credentials and hardware/service specs combined with unguarded write-and-execute behavior expands scope to collecting and storing sensitive host data and running host commands.

✓ Install Mechanism

No install spec; instruction-only with included Python scripts. Nothing is downloaded or executed at install time, which is lower risk. The scripts will be run at runtime by the agent instead of being installed by the registry.

⚠ Credentials

The skill declares no required environment variables or external credentials (proportionate). However, SKILL.md explicitly suggests logging credentials and paths (e.g., SSH keys) and the scripts will persist arbitrary strings to files in the user's HOME. There is no builtin encryption or secure handling — sensitive data could be stored in plaintext under ~/clawd/memory/... without explicit safeguards, which is disproportionate to safe governance unless you intend to persist such secrets.

ℹ Persistence & Privilege

always:false and no system-level install — good. The skill writes to user-space directories (~/clawd/...) and does not modify other skills. Still, the combination of autonomous invocation (allowed by default across the platform) plus VBR’s ability to execute arbitrary shell commands and WAL’s ability to record arbitrary payloads increases the blast radius if the agent is permitted to call these scripts autonomously. The skill itself does not request elevated system privileges.

版本历史

v1.1.0

Version 1.1.0 introduces infrastructure knowledge logging to the self-governance protocol. - Added IKL (Infrastructure Knowledge Logging) as a fifth protocol, requiring immediate logging of discovered hardware, network, and service facts. - Expanded usage guidelines and examples for capturing infrastructure data, including commands and best practices. - Updated skill description and documentation to reflect IKL protocol and its integration points. - No changes to core logic of WAL, VBR, ADL, or VFM, but improved documentation clarity throughout.

v1.0.0

Initial release: Four self-governance protocols for autonomous agents — WAL (Write-Ahead Log for state persistence), VBR (Verify Before Reporting), ADL (Anti-Divergence Limit for persona drift), VFM (Value-For-Money cost tracking). Prevents losing corrections, false completion claims, behavioral drift, and wasteful token spend.

元数据

Slug agent-self-governance

版本 1.1.0

许可证 —

累计安装 5

当前安装数 4

历史版本数 2

常见问题