← 返回 Skills 市场

Authz

Name: Authz
Author: codekungfu

作者 ClawKK · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

145

总下载

当前安装

版本数

在 OpenClaw 中安装

/install authz

功能描述

Permissions, roles, policies, and enforcement points. Use when designing RBAC/ABAC or fixing authZ holes.

使用说明 (SKILL.md)

AuthZ

Structured guidance for authorization (RBAC, ABAC, policy enforcement): confirm triggers, propose the stages below, and adapt if the user wants a lighter pass.

When to Offer This Workflow

Trigger conditions:

User mentions authorization, authZ, permissions, or closely related work
They want a structured workflow rather than ad-hoc tips
They are preparing a review, rollout, or stakeholder communication

Initial offer: Explain the four stages briefly and ask whether to follow this workflow or work freeform. If they decline, continue in their preferred style.

Workflow Stages

Stage 1: Clarify context & goals

Anchor on model: RBAC/ABAC/ReBAC. Ask what success looks like, constraints, and what must not break. Capture unknowns early.

Stage 2: Design or plan the approach

Translate goals into a concrete plan around policy enforcement points. Compare alternatives and explicit trade-offs; avoid implicit assumptions.

Stage 3: Implement, validate, and harden

Execute with verification loops tied to auditing and admin paths. Prefer small steps, measurable checks, and rollback points where risk is high.

Stage 4: Operate, communicate, and iterate

Close the loop with testing negative cases: monitoring, documentation, stakeholder updates, and lessons learned for the next cycle.

Checklist Before Completion

Goals and constraints are explicit for authZ
Risks and trade-offs are stated, not hand-waved
Verification steps match the change’s impact (tests, canary, peer review)
Operational follow-through is covered (monitoring, docs, owners)

Tips for Effective Guidance

Be procedural: stage-by-stage, with clear exit criteria
Ask for missing context (environment, scale, deadlines) before prescribing
Prefer checklists and concrete examples over generic platitudes
If the user declines the workflow, switch to freeform help without lecturing

Handling Deviations

If the user wants to skip a stage: confirm and continue with what they need.
If context is missing: ask targeted questions before strong recommendations.
Prefer concrete examples, trade-offs, and verification steps over generic advice.

Quality Bar

Each recommendation should be actionable (what to do next).
Call out failure modes relevant to authorization (security, scale, UX, or ops).
Keep tone direct and respectful of the user’s time.

安全使用建议

This skill is a high-level, procedural advisor for authorization design and remediation and appears internally consistent. Because it is instruction-only, it cannot access files or secrets on its own — its value comes from the recommendations it produces. Before installing or relying on its output, consider: (1) whether you need concrete code/config examples for your platform (this skill is intentionally generic), (2) have a domain expert review any policy changes it recommends before applying them, and (3) if you want the agent to operate on live systems, prefer a skill that explicitly declares the required credentials and installation steps so you can evaluate their scope.

功能分析

Type: OpenClaw Skill Name: authz Version: 1.0.0 The 'authz' skill bundle is a purely instructional framework designed to guide an AI agent through a structured workflow for authorization tasks (RBAC/ABAC). It contains no executable code, scripts, or network requests, and its instructions in SKILL.md are entirely aligned with its stated purpose of providing architectural guidance and policy enforcement planning.

能力评估

✓ Purpose & Capability

Name/description match the content: the skill provides a structured 4-stage workflow for authorization design and remediation. It requests no binaries, secrets, or system access that would be unrelated to its stated purpose.

✓ Instruction Scope

SKILL.md contains only procedural guidance (questions to ask, stages, checklists). It does not instruct reading files, accessing environment variables, running shell commands, or sending data to external endpoints.

✓ Install Mechanism

No install spec and no code files — instruction-only. This is low-risk because nothing will be written to disk or downloaded.

✓ Credentials

No required environment variables, credentials, or config paths are declared or referenced in the instructions; asked capabilities are proportional to a documentation/advisory skill.

✓ Persistence & Privilege

always is false and the skill does not request persistent or system-wide privileges or modifications to other skills; autonomous invocation (default) is present but not combined with other red flags.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install authz
安装完成后，直接呼叫该 Skill 的名称或使用 /authz 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Provides structured, stage-by-stage guidance for authorization design and fixes. - Introduces a four-stage workflow (clarify goals, design, implement, operate) for RBAC/ABAC projects. - Includes checklist and prompts to ensure explicit goals, risk management, and operational follow-through. - Adapts to user preference for either structured guidance or freeform help. - Emphasizes actionable steps, concrete examples, and clear exit criteria for each stage. - Recommends asking for missing context and handling deviations without lecturing.

元数据

Slug authz

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Authz 是什么？

Permissions, roles, policies, and enforcement points. Use when designing RBAC/ABAC or fixing authZ holes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 145 次。

如何安装 Authz？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install authz」即可一键安装，无需额外配置。

Authz 是免费的吗？

是的，Authz 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Authz 支持哪些平台？

Authz 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Authz？

由 ClawKK（@codekungfu）开发并维护，当前版本 v1.0.0。