devongenerally-png

governance-guard

Author: MetaCortex Dynamics · GitHub · v0.1.0
cross-platform ✓ Security check passed
Total downloads: 356
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install governance-guard
Description
Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and appro...
Usage instructions (SKILL.md)

# governance-guard

Governance guard enforces structural authority separation on all agent actions through a PROPOSE-DECIDE-PROMOTE pipeline.

## When to activate

Before performing any write, execute, network, create, or delete action. The governance pipeline MUST be invoked before the action executes. Read actions may also be governed under standard or strict policies.

## How to use

### 1. Full pipeline (recommended)

Run the complete PROPOSE → DECIDE → PROMOTE pipeline in a single call:

```bash
npx tsx scripts/governance.ts pipeline '<intent-json>' --policy policies/standard.yaml
```

The intent JSON must include:
- `skill`: skill identifier
- `tool`: tool/function being invoked
- `model`: LLM model name
- `actionType`: one of `read`, `write`, `execute`, `network`, `create`, `delete`
- `target`: resource being acted upon
- `parameters`: tool parameters (object)
- `dataScope`: data categories accessed (array, e.g. `["personal", "financial"]`)
- `conversationId`: current conversation ID
- `messageId`: current message ID
- `userInstruction`: the user message that triggered this action

### 2. Handle the verdict

The pipeline returns a JSON response:

- If `"governance": "approved"` — proceed with the action
- If `"governance": "deny"` — do NOT proceed; inform the user with the `reason`
- If `"governance": "escalate"` — present the action to the user for approval:

```
Action requires your approval:
  Skill: <skill>
  Action: <actionType> on <target>
  Reason: <reason>
Reply APPROVE or DENY
```

Then resolve:

```bash
npx tsx scripts/governance.ts resolve-escalation <intent-id> approve
# or
npx tsx scripts/governance.ts resolve-escalation <intent-id> deny
```

### 3. Audit decisions

```bash
npx tsx scripts/governance.ts audit --last 10
```

## Policy presets

| Preset | Default | Description |
|--------|---------|-------------|
| `minimal` | approve | Blocks only credentials and destructive commands. Lowest friction. |
| `standard` | deny | Allows common ops, escalates network and data access. Recommended. |
| `strict` | deny | Reads only. Everything else requires explicit approval. Maximum safety. |

## Fail-closed guarantee

If any error occurs during governance evaluation, the default verdict is **DENY**. Missing policy files result in DENY ALL. This is by design. The system fails safe, never open.
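
A caller-side sketch of the verdict handling in step 2 that keeps the fail-closed property on the agent's side too: anything other than an exact `approved` blocks the action. This is an added example, not code from the skill; `interpretVerdict`, `resolveArg` and the `Decision` type are hypothetical names, only the `governance` and `reason` response fields are taken from the text above, and the sample responses are constructed.

```typescript
// Added illustration; not part of governance-guard. Only the `governance` and
// `reason` response fields come from SKILL.md; every name below is hypothetical.
type Decision =
  | { action: "proceed" }
  | { action: "ask_user"; reason: string }
  | { action: "block"; reason: string };

// Map the pipeline's JSON output to what the agent may do next.
// Parse errors, non-objects and unknown verdicts all block (fail closed).
function interpretVerdict(stdout: string): Decision {
  let parsed: unknown;
  try {
    parsed = JSON.parse(stdout);
  } catch {
    return { action: "block", reason: "unparseable governance response" };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { action: "block", reason: "governance response is not a JSON object" };
  }
  const { governance, reason } = parsed as { governance?: unknown; reason?: unknown };
  const why = typeof reason === "string" && reason !== "" ? reason : "no reason given";
  switch (governance) {
    case "approved": // exact match only: "approve", "Approved", true, etc. do not pass
      return { action: "proceed" };
    case "escalate":
      return { action: "ask_user", reason: why };
    case "deny":
      return { action: "block", reason: why };
    default:
      return { action: "block", reason: `unrecognised verdict: ${JSON.stringify(governance)}` };
  }
}

// Turn the user's reply to an escalation prompt into the resolve-escalation argument.
// Only an exact APPROVE approves; silence, typos and anything else resolve to deny.
function resolveArg(userReply: string): "approve" | "deny" {
  return userReply.trim() === "APPROVE" ? "approve" : "deny";
}

// Constructed sample responses.
console.log(interpretVerdict('{"governance":"escalate","reason":"network access"}'));
console.log(interpretVerdict("Error: policy file not found"));
console.log(resolveArg("approve it I guess"));
```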

## Configuration

Governance data is stored in `~/.openclaw/governance/`:
- `policy.yaml` — active policy file
- `witness.jsonl` — append-only, hash-chained audit log

## Verify witness chain

```bash
npx tsx scripts/governance.ts verify
```

Any tampering with historical records is detected by recomputing the hash chain from genesis.
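
How recomputing a hash chain from genesis exposes an edited record, as an added TypeScript sketch that is not the skill's own code. The record layout (`seq`, `prevHash`, `payload`, `hash`), the all-zero genesis value and the use of SHA-256 are assumptions, all function names are hypothetical, and the sample log is constructed.

```typescript
import { createHash } from "node:crypto";

// Assumed record layout for illustration; the skill's real witness.jsonl schema may differ.
interface WitnessRecord { seq: number; prevHash: string; payload: Record<string, unknown>; hash: string; }
const GENESIS = "0".repeat(64); // assumed genesis value

// Hash input is an array so field order is fixed; payload key order survives a JSON round trip.
function recordHash(seq: number, prevHash: string, payload: Record<string, unknown>): string {
  return createHash("sha256").update(JSON.stringify([seq, prevHash, payload])).digest("hex");
}

function appendRecord(log: string[], payload: Record<string, unknown>): string[] {
  const prevHash = log.length > 0 ? (JSON.parse(log[log.length - 1]) as WitnessRecord).hash : GENESIS;
  const rec: WitnessRecord = { seq: log.length, prevHash, payload, hash: recordHash(log.length, prevHash, payload) };
  return [...log, JSON.stringify(rec)];
}

// Recompute the chain from genesis. Returns the index of the first bad line, or -1 if intact.
function verifyChain(lines: string[]): number {
  let expectedPrev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    try {
      const rec = JSON.parse(lines[i]) as WitnessRecord;
      if (rec.seq !== i || rec.prevHash !== expectedPrev) return i; // broken link or reordering
      if (rec.hash !== recordHash(rec.seq, rec.prevHash, rec.payload)) return i; // edited content
      expectedPrev = rec.hash;
    } catch {
      return i; // unparseable line counts as tampering (fail closed)
    }
  }
  return -1;
}

// Constructed sample log: three governance decisions.
function sampleLog(): string[] {
  let log: string[] = [];
  log = appendRecord(log, { verdict: "approved", actionType: "read", target: "README.md" });
  log = appendRecord(log, { verdict: "deny", actionType: "delete", target: "build/" });
  return appendRecord(log, { verdict: "escalate", actionType: "network", target: "api.example.com" });
}

// Edit record `index` in place; with `rehash` the editor also recomputes that record's own hash.
function editVerdict(log: string[], index: number, verdict: string, rehash: boolean): string[] {
  const rec = JSON.parse(log[index]) as WitnessRecord;
  rec.payload.verdict = verdict;
  if (rehash) rec.hash = recordHash(rec.seq, rec.prevHash, rec.payload);
  return log.map((line, i) => (i === index ? JSON.stringify(rec) : line));
}

console.log(verifyChain(sampleLog()), verifyChain(editVerdict(sampleLog(), 1, "approved", true)));
```

In this sketch a rehashed edit is still caught one record later, because the successor's `prevHash` no longer matches. Removing the newest records leaves a shorter chain that still verifies, so detecting truncation requires the latest hash to be recorded somewhere outside the file.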
Security usage recommendations
This skill appears to implement exactly what it claims: a local, deterministic governance gate with an append-only witness log. Before installing, consider the following: (1) the witness log stores full intent objects (including userInstruction and conversation IDs) in plaintext at ~/.openclaw/governance/witness.jsonl — if those could contain secrets or private user messages, plan for encryption or a restricted path/permissions; (2) review and customize the provided policy presets (minimal/standard/strict). The standard policy currently permits reads of ~/**; ensure sensitive_data patterns cover all files you consider secret (dotfiles, config directories, application-specific credential locations); (3) confirm your runtime meets Node >=22 and that installing tsx is acceptable in your environment; (4) the system is fail-closed (errors → deny), which is safe for gating, but you should test escalation/resolve flows to ensure they fit your approval process. If you need the audit log to be stored elsewhere or encrypted, request or modify the code to change witnessPath behavior before deployment.
Functional analysis
Type: OpenClaw Skill Name: governance-guard Version: 0.1.0 This skill bundle, 'governance-guard', is designed to enhance the security of autonomous agent actions by implementing a three-phase PROPOSE-DECIDE-PROMOTE pipeline. It features a fail-closed design, a deterministic policy engine (explicitly not involving an LLM to prevent prompt injection), cryptographic hash binding for action intents and audit records, and robust validation. The `SKILL.md` instructions guide the agent to use this governance system, not to bypass it. Policy files (`policies/*.yaml`) explicitly block access to sensitive data like credentials and SSH keys. All dependencies are standard development tools. There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or obfuscation. The custom YAML parser and direct `JSON.parse` on CLI arguments are potential areas for subtle bugs, but the design prioritizes security (e.g., minimal YAML subset, input validation) and does not indicate malicious intent or critical, easily exploitable vulnerabilities.
Capability assessment
Purpose & Capability
Name/description (a PROPOSE→DECIDE→PROMOTE governance pipeline) matches the provided code, policies, and CLI. Required binaries (node, npx) and the tsx package are appropriate for a TypeScript CLI. No unexpected credentials, network endpoints, or unrelated binaries are requested.
Instruction Scope
SKILL.md and scripts instruct the agent/operator to run a local CLI that serializes intents and evaluates policies. The system records full ActionIntent objects (including userInstruction, conversationId, messageId) into an append-only witness file in the user's home directory. This is expected for auditing but means user messages and intent payloads are persisted in plaintext by default.
Install Mechanism
Install uses a single npm package (tsx) via the Node ecosystem (package.json/devDependencies). All code is present in the repo; there are no downloads from arbitrary URLs or obscure hosts. Node engine requirement is >=22 which may be stricter than some runtimes.
Credentials
The skill does not request environment variables or external credentials, which is proportional. However, policies (e.g., standard.yaml) allow read access to the home directory (~/**) and the witness log writes intent/userInstruction to ~/.openclaw/governance/witness.jsonl — review sensitive_data patterns to ensure all sensitive paths are covered and consider encryption of audit logs if required.
Persistence & Privilege
The skill creates and writes an audit directory at ~/.openclaw/governance/ (policy.yaml, witness.jsonl). always:false and no modifications to other skills or system-wide settings. Persisting plaintext intents in the user's home directory is normal for an audit log but increases privacy risk if the log contains sensitive user content.
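How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install governance-guard
  3. Once installation completes, invoke the Skill by name or trigger it with /governance-guard
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history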
v0.1.0
Initial release: PROPOSE→DECIDE→PROMOTE pipeline, 3 policy presets, hash-chained witness log
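Metadata
Slug governance-guard
Version 0.1.0
License
Total installs 0
Current installs 0
Version count 1
FAQ

What is governance-guard?

Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and appro... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 356 total downloads to date.

How do I install governance-guard?

Run the command "/install governance-guard" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is governance-guard free?

Yes, governance-guard is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does governance-guard support?

governance-guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed governance-guard?

It is developed and maintained by MetaCortex Dynamics (@devongenerally-png); the current version is v0.1.0.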
