← 返回 Skills 市场

Alfred Agent Governance

Name: Alfred Agent Governance
Author: lllljokerllll

作者 lJokerl · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install alfred-agent-governance

功能描述

Enforces YAML-based runtime policies to intercept, audit, rate-limit, and stop AI agent tool calls for secure governance in OpenClaw.

使用说明 (SKILL.md)

Agent Governance Skill

Runtime governance for AI agents in OpenClaw. Inspired by Microsoft Agent Governance Toolkit (MIT) and OWASP Agentic AI Top 10.

Features

1. Policy Engine (Phase 1)

Intercepts tool calls and applies YAML-based rules before execution.

Rule types:

deny_patterns: regex patterns blocked in tool params (SQL injection, privilege escalation)
deny_tools: specific tools blocked for specific agents
rate_limit: max calls per time window per agent
require_approval: tools that need human approval before execution
resource_limits: max tokens, max exec timeout per agent per session

2. Audit Logger (Phase 1)

Logs every tool call with agent identity, timestamp, params hash, result, and signature.

Output: Appends to memory/audit-log/YYYY-MM-DD.jsonl

Format:

{"ts":"2026-04-23T15:00:00Z","agent":"coder","tool":"exec","params_hash":"sha256:...","result":"success","duration_ms":120}

3. Kill Switch (Phase 1)

Provides commands to stop running agent sessions.

Usage:

# List active sessions
openclaw sessions --status active

# Kill a specific session
openclaw sessions kill \x3Csession-id>

# Emergency: kill all non-main sessions
openclaw sessions kill --all --exclude main

4. Permission Rings (Phase 2 - planned)

Three privilege levels inspired by CPU rings:

Ring	Level	Access
Ring 3 (User)	0	Read-only, no tools
Ring 2 (Sandbox)	1	Limited tools, no exec, no network
Ring 1 (Restricted)	2	Most tools, exec with approval
Ring 0 (Full)	3	All tools, no restrictions

5. Trust Scoring (Phase 3 - planned)

Behavioral trust score per agent (0-1000). Decreases on denials, increases on success. Trust decay over time.

Configuration

Create config/governance-rules.yaml:

version: "1.0"
agents:
  coder:
    deny_patterns:
      - "DROP\\s+TABLE"
      - "rm\\s+-rf\\s+/"
      - "DELETE\\s+FROM\\s+users"
    rate_limit:
      exec: 50/hour
      write: 100/hour
    require_approval:
      - "exec.*sudo"
      - "exec.*systemctl"
  security:
    deny_tools:
      - "write"
      - "edit"
    rate_limit:
      web_search: 30/hour
  research:
    deny_tools:
      - "write"
      - "edit"
    rate_limit:
      web_fetch: 20/hour
  debug:
    deny_tools:
      - "write"
      - "edit"

Usage in Sessions

Before executing any tool call, check against rules:

import yaml, re, hashlib, json
from datetime import datetime

RULES_FILE = "config/governance-rules.yaml"
AUDIT_DIR = "memory/audit-log"

def check_policy(agent, tool, params_str):
    """Returns (allowed: bool, reason: str)"""
    rules = yaml.safe_load(open(RULES_FILE))
    agent_rules = rules.get("agents", {}).get(agent, {})
    
    # Check deny_tools
    for denied in agent_rules.get("deny_tools", []):
        if re.search(denied, tool):
            return False, f"Tool '{tool}' denied for agent '{agent}'"
    
    # Check deny_patterns
    for pattern in agent_rules.get("deny_patterns", []):
        if re.search(pattern, params_str, re.IGNORECASE):
            return False, f"Pattern matched: {pattern}"
    
    return True, "OK"

def log_audit(agent, tool, params_str, result, duration_ms):
    """Append to daily audit log"""
    from pathlib import Path
    Path(AUDIT_DIR).mkdir(parents=True, exist_ok=True)
    
    entry = {
        "ts": datetime.utcnow().isoformat() + "Z",
        "agent": agent,
        "tool": tool,
        "params_hash": "sha256:" + hashlib.sha256(params_str.encode()).hexdigest()[:16],
        "result": result,
        "duration_ms": duration_ms
    }
    
    log_file = f"{AUDIT_DIR}/{datetime.utcnow().strftime('%Y-%m-%d')}.jsonl"
    with open(log_file, "a") as f:
        f.write(json.dumps(entry) + "\
")

OWASP Agentic AI Mapping

OWASP Risk	Mitigation
ASI01 Goal Hijacking	Semantic intent classification (Phase 2)
ASI02 Tool Misuse	deny_patterns + deny_tools
ASI03 Identity Abuse	Audit logger + agent identity
ASI05 Code Execution	Permission rings + resource limits
ASI06 Memory Poisoning	deny write patterns on memory files
ASI08 Cascading Failures	Rate limiting + circuit breakers
ASI10 Rogue Agents	Kill switch + trust scoring

Roadmap

Phase 1: Policy Engine (YAML rules), Audit Logger, Kill Switch
Phase 2: Permission Rings, Semantic Intent Classifier
Phase 3: Trust Scoring, Circuit Breakers, Compliance Reports

Author

Alfred (Joker's CEO Agent) — Inspired by Microsoft Agent Governance Toolkit (MIT license)

License

MIT

安全使用建议

This skill is coherent with its stated goal and is low-risk because it's instruction-only, but before installing: (1) verify who authored it (source is unknown) and whether you trust the author; (2) ensure config/governance-rules.yaml and the memory/audit-log directory are located where you expect and have appropriate access controls (audit logs may contain sensitive metadata); (3) confirm the OpenClaw CLI commands used for killing sessions match your environment and that only authorized operators can run them; (4) test deny_patterns and rate limits in a safe environment — regexes and policy logic can produce false positives or block legitimate agent behavior; and (5) note that the SKILL.md provides example code but not an automatic enforcement hook — you should review/implement how these checks are actually integrated into your agent runtime before relying on them.

功能分析

Type: OpenClaw Skill Name: alfred-agent-governance Version: 1.0.0 The 'alfred-agent-governance' skill bundle provides a legitimate framework for implementing security controls and audit logging for AI agents. The code snippets in SKILL.md use safe practices like yaml.safe_load and regex-based pattern matching to enforce policies, and the audit logging logic is standard and transparent. No indicators of malicious intent, data exfiltration, or prompt injection were found.

能力评估

✓ Purpose & Capability

The name/description (agent governance) aligns with what the SKILL.md requests and shows: reading a local config/governance-rules.yaml, applying deny_patterns/deny_tools/rate_limit logic, writing audit logs, and invoking OpenClaw session management. There are no unrelated credentials, binaries, or installs requested.

ℹ Instruction Scope

The instructions are scoped to policy checks, audit logging, and use of the OpenClaw sessions CLI (list/kill). They do instruct writing audit entries to memory/audit-log and reading config/governance-rules.yaml; this is expected but does assume the agent runtime has permission to read/write those paths and access the openclaw CLI. The SKILL.md provides example Python snippets rather than an integration hookup; it does not show any network calls or access to unrelated system files.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. That minimizes supply-chain risk (nothing is downloaded or written by an installer).

✓ Credentials

The skill declares no required environment variables or external credentials, and the instructions only reference a local config file and local audit directory. No disproportionate secret access is requested.

✓ Persistence & Privilege

Flags are default (not always), and the skill does not request to persist itself or modify other skills. It writes local audit logs and expects a config file, which is consistent with a governance tool's normal behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install alfred-agent-governance
安装完成后，直接呼叫该 Skill 的名称或使用 /alfred-agent-governance 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Policy Engine (YAML), Audit Logger, Kill Switch, OWASP ASI mapping

元数据

Slug alfred-agent-governance

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题