davidcrowe

Gatewaystack Governance

Author: David Crowe · GitHub · v0.2.0
cross-platform ✓ Security scan passed
757
Total downloads
2
Favorites
0
Current installs
2
Versions
Install in OpenClaw
/install gatewaystack-governance
Description
Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit logging, plus opt-in output DLP, escalation, and...
Usage (SKILL.md)

GatewayStack Governance

Deny-by-default governance for every tool call in OpenClaw.

Five core checks run automatically on every invocation:

  1. Identity — maps the agent to a policy role. Unknown agents are denied.
  2. Scope — deny-by-default tool allowlist. Unlisted tools are blocked.
  3. Rate limiting — per-user and per-session sliding window limits.
  4. Injection detection — 40+ patterns from Cisco, Snyk, and Kaspersky research.
  5. Audit logging — every decision recorded to append-only JSONL.

Three opt-in features extend governance further:

  1. Output DLP — scans tool output for PII using @gatewaystack/transformabl-core. Log or redact.
  2. Escalation — human-in-the-loop review for medium-severity detections and first-time tool use.
  3. Behavioral monitoring — detects anomalous tool usage patterns using @gatewaystack/limitabl-core.
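
The block below is an added example, not code from the plugin or its author. It sketches how the identity, scope, rate-limit and audit checks listed above can be chained so that deny is the default outcome. The policy layout, agent and tool names, limits and function names are assumptions made for illustration; injection detection is left out because the page does not list its patterns.

```javascript
// Added illustration, not GatewayStack source. The policy layout is assumed;
// only the names "roles" and "allowedTools" appear on this page.
const policy = {
  // Maps and Sets, so inherited keys such as "constructor" never match.
  agents: new Map([["agent-main", "analyst"]]), // constructed agent -> role
  roles: new Map([["analyst", { allowedTools: new Set(["read_file", "web_search"]) }]]),
  rateLimit: { maxCalls: 3, windowMs: 60_000 }, // constructed per-user limit
};

const callLog = new Map(); // userId -> timestamps of allowed calls
const auditLines = [];     // stands in for an append-only JSONL file

function slidingWindowAllows(userId, now, { maxCalls, windowMs }) {
  // Keep only timestamps still inside the window, then test the count.
  const recent = (callLog.get(userId) || []).filter((t) => now - t < windowMs);
  const ok = recent.length < maxCalls;
  if (ok) recent.push(now);
  callLog.set(userId, recent);
  return ok;
}

function checkToolCall({ agentId, userId, tool }, now = Date.now()) {
  // Start from deny; only a full pass through every check flips it.
  let decision = { allow: false, reason: "unknown-agent" };
  const rolePolicy = policy.roles.get(policy.agents.get(agentId));
  if (rolePolicy) {
    if (!rolePolicy.allowedTools.has(tool)) {
      decision = { allow: false, reason: "tool-not-allowlisted" };
    } else if (!slidingWindowAllows(userId, now, policy.rateLimit)) {
      decision = { allow: false, reason: "rate-limited" };
    } else {
      decision = { allow: true, reason: "ok" };
    }
  }
  // Every decision, allow or deny, becomes exactly one JSON line.
  auditLines.push(JSON.stringify({ ts: now, agentId, userId, tool, ...decision }));
  return decision;
}
```

Denied calls do not consume rate-limit budget in this sketch, and the audit record deliberately omits tool arguments, which is where secrets tend to end up.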

Install

openclaw plugins install @gatewaystack/gatewaystack-governance

One command. Zero config. The core 5 checks are active on every tool call immediately.

The plugin hooks into before_tool_call at the process level — the agent can't bypass it, skip it, or talk its way around it.

Customize

To override the defaults, create a policy file:

cp ~/.openclaw/plugins/gatewaystack-governance/policy.example.json \
   ~/.openclaw/plugins/gatewaystack-governance/policy.json

Configure which tools are allowed, who can use them, rate limits, injection detection sensitivity, and the three optional features (DLP, escalation, behavioral monitoring — all disabled by default).

Optional GatewayStack packages

The opt-in features use GatewayStack packages via lazy import. Install only what you need:

npm install @gatewaystack/transformabl-core   # for output DLP
npm install @gatewaystack/limitabl-core       # for behavioral monitoring

The core 5 checks have zero external dependencies and work without these packages.

Links

  • GitHub — source, docs, getting started guide
  • npm — package registry
  • MIT licensed
Security recommendations
This plugin appears to do what it claims, but take these precautions before installing:
  • Verify the package source and publisher on npm/GitHub (the SKILL.md and package.json point to a GitHub repo and an npm package). Confirm the maintainer identity and package integrity (checksums, npm publisher account).
  • Audit and protect the audit log and state files. The plugin records tool names and arguments (and optionally DLP matches) in audit.jsonl and other state files; these can contain secrets. Ensure the files are stored in a safe location with correct filesystem permissions (not world-readable) and consider enabling disk encryption or restricting access.
  • Review and customize policy.json before enabling wide privileges. The default policy is deny-by-default, but double-check allowedTools, roles, rate limits, and any escalation settings to match your environment.
  • Optional packages (@gatewaystack/transformabl-core, @gatewaystack/limitabl-core) are only required for DLP and behavioral features; install them only if you need those features and trust their source.
  • Run the plugin self-test (npm test or the CLI self-test) and inspect the code (already included) if you have concerns; if you operate in a high-security environment, trial in an isolated instance first.
Overall: coherent and consistent with its stated purpose, but the audit/state data it creates is sensitive — protect those files and verify the package origin before deploying.
Functional analysis
Type: OpenClaw Skill
Name: gatewaystack-governance
Version: 0.2.0
This OpenClaw skill bundle implements a comprehensive governance layer designed to protect against various security threats, including prompt injection, data exfiltration, and unauthorized tool usage. The `SKILL.md` and `README.md` clearly state its purpose is to enforce security policies. The JavaScript/TypeScript code (e.g., `scripts/governance/injection.js`, `scripts/governance/check.js`, `src/plugin.js`) consistently implements defensive mechanisms such as identity verification, tool allowlisting, rate limiting, and sophisticated injection detection (including obfuscation and multi-language patterns). File system operations are confined to policy loading, audit logging (`audit.jsonl`), and state management (`.rate-limit-state.json`, `.behavioral-baseline.json`, `.pending-reviews.json`), all for security enforcement. There is no evidence of intentional malicious behavior; all potentially risky capabilities are used for protective measures.
Capability assessment
Purpose & Capability
Name/description (governance for tool calls) align with the included code and package.json: it implements identity, scope, rate limiting, injection detection, audit logging, optional DLP/behavioral features, and registers as an OpenClaw plugin. Required binary is only 'node', which is appropriate for a Node.js plugin.
Instruction Scope
SKILL.md and code are explicit about what they read/write: policy.json, audit.jsonl, baseline and state files (.agent-tool-usage.json, .pending-reviews.json, .behavioral-baseline.json). The plugin logs full context of tool calls (including arguments) to an append-only JSONL file — this is expected for audit but may capture sensitive data. Instructions do not appear to read unrelated system credentials or network endpoints; they focus on plugin policy, audit, and optional GatewayStack packages.
Install Mechanism
No remote-download install spec inside the skill bundle; SKILL.md instructs installation via 'openclaw plugins install @gatewaystack/gatewaystack-governance' / npm. package.json is present and lists peer dependencies (optional) from the same namespace. There are no obscure URLs, shorteners, or arbitrary archive extracts in the provided files.
Credentials
The skill requests no environment variables or external credentials. Peer dependencies for optional features are reasonable. The main proportionality concern is that audit logs and state files store tool arguments and summaries (which can contain secrets) — the plugin design requires this for audit/behavioral features, so it is proportionate but worth protecting.
Persistence & Privilege
The skill is not marked 'always:true' and uses the normal plugin extension points (openclaw.extensions → src/plugin.js). It registers hooks to intercept tool calls which is documented and expected for a governance plugin. It does create local state and log files in the plugin/session area, which is normal for this functionality.
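How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gatewaystack-governance
  3. Once installation completes, invoke the Skill by name or trigger it with /gatewaystack-governance
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history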
v0.2.0
Add output DLP, escalation, and behavioral monitoring (v0.2.0)
v0.1.1
  • Initial release of gatewaystack-governance for OpenClaw.
  • Implements deny-by-default governance on every tool call, with five automatic checks: identity, scope, rate limiting, injection detection, and audit logging.
  • Hooks into OpenClaw at the process level to prevent bypass.
  • Zero-configuration activation; customizable via a policy file.
  • Comprehensive audit logging records every decision.
Metadata
Slug gatewaystack-governance
Version 0.2.0
License
Total installs 0
Current installs 0
Number of versions 2
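FAQ

What is Gatewaystack Governance?

Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit logging, plus opt-in output DLP, escalation, and... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 757 total downloads to date.

How do I install Gatewaystack Governance?

Run the command "/install gatewaystack-governance" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is needed.

Is Gatewaystack Governance free?

Yes, Gatewaystack Governance is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Gatewaystack Governance support?

Gatewaystack Governance runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Gatewaystack Governance?

It is developed and maintained by David Crowe (@davidcrowe); the current version is v0.2.0.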
