← 返回 Skills 市场
dgriffin831

Guardrails

作者 dgriffin831 · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
2168
总下载
0
收藏
9
当前安装
2
版本数
在 OpenClaw 中安装
/install guardrails
功能描述
Interactively configure, review, and monitor security guardrails for your OpenClaw workspace by discovering risks, interviewing users, and generating GUARDRA...
使用说明 (SKILL.md)

guardrails - Interactive Security Guardrails Configuration

Helps users configure comprehensive security guardrails for their OpenClaw workspace through an interactive interview process.

Commands

guardrails setup

Interactive setup mode - Guides user through creating their GUARDRAILS.md file.

Workflow:

  1. Run environment discovery: bash scripts/discover.sh
  2. Classify risks: bash scripts/discover.sh | python3 scripts/classify-risks.py
  3. Generate tailored questions: bash scripts/discover.sh | python3 scripts/classify-risks.py | python3 scripts/generate_questions.py
  4. Conduct interactive interview with the user:
    • Ask questions from the generated question bank (tailored to discovered environment)
    • Present suggestions for each question
    • Allow custom answers
    • Follow up when appropriate
  5. Generate GUARDRAILS.md: echo '\x3Cjson>' | python3 scripts/generate_guardrails_md.py /path/to/guardrails-config.json
    • Stdin JSON format: {"discovery": {...}, "classification": {...}, "answers": {...}}
  6. Present the generated GUARDRAILS.md for review
  7. Ask for confirmation before writing to workspace
  8. Write GUARDRAILS.md to workspace root
  9. Save guardrails-config.json to workspace root

Important:

  • Be conversational and friendly during the interview
  • Explain why each question matters
  • Provide context about discovered risks
  • Highlight high-risk skills/integrations
  • Allow users to skip or customize any answer
  • Review the final output with the user before writing

guardrails review

Review mode - Check existing configuration against current environment.

Workflow:

  1. Run discovery and classification
  2. Load existing guardrails-config.json
  3. Compare discovered skills/integrations against config
  4. Identify gaps (new skills not covered, removed skills still in config)
  5. Ask user about gaps only - don't re-interview everything
  6. Update config and GUARDRAILS.md if changes needed

guardrails monitor

Monitor mode - Detect changes and potential violations.

Workflow:

  1. Run: bash scripts/monitor.sh
  2. Parse the JSON report
  3. If status is "ok": silent or brief acknowledgment
  4. If status is "needs-attention": notify user with details
  5. If status is "review-recommended": suggest running guardrails review

Can be run manually or via cron/heartbeat.

Files Generated

  • GUARDRAILS.md - The main guardrails document (workspace root)
  • guardrails-config.json - Machine-readable config for monitoring (workspace root)

Notes

  • This skill only helps create guardrails - enforcement is up to the agent
  • Discovery (discover.sh) uses bash + jq; classification (classify-risks.py) uses Python standard library only
  • Question generation and GUARDRAILS.md generation require an LLM — set OPENAI_API_KEY or ANTHROPIC_API_KEY
  • Python scripts require the requests library (pip install requests)
  • Discovery and classification are read-only operations
  • Only setup and review modes write files, and only with user confirmation
安全使用建议
What to know before installing or running this skill: - The skill will scan your workspace (skills, SKILL.md files, and many workspace files like USER.md, MEMORY.md, AGENTS.md) and produce a JSON discovery report. That discovery output (discovery, classification, and your interview answers) is sent verbatim to whichever LLM provider you configure (OpenAI or Anthropic) when generating questions and GUARDRAILS.md. - The registry metadata does not list OPENAI_API_KEY or ANTHROPIC_API_KEY as required env vars, but the scripts require one of those keys to run the LLM steps. This is an inconsistency you should correct or be aware of. - Potential sensitive data exposure: discovery includes file previews and memory entries; monitor.sh scans memory files for keywords. If your workspace contains secrets or sensitive documents, those could be included in the payload sent to the external LLM provider. - Recommended precautions: - Inspect and run scripts locally in a safe/isolated workspace first (set WORKSPACE to a test directory) to see what discovery collects: bash scripts/discover.sh and python scripts/classify-risks.py are read-only and can be run without API keys. - Do NOT export your real OPENAI_API_KEY / ANTHROPIC_API_KEY into the environment until you are comfortable with the exact JSON that will be sent. Generate and review the discovery JSON, then decide whether to remove sensitive previews before calling the LLM. - If you must use an LLM, consider using a provider/account/policy that you trust, or run with a local LLM if you have one and update the code accordingly. - Ensure you have jq and python3 'requests' installed as noted; and verify the skill's claim that it asks for confirmation before writing GUARDRAILS.md / guardrails-config.json. - Prefer auditing the code and testing in a sandbox before running monitor mode against a production workspace. - If you plan to publish or share this skill, ask the author to: (1) add explicit required env vars (OPENAI_API_KEY/ANTHROPIC_API_KEY) to metadata; (2) clearly document that full discovery JSON (including file previews and memory) is sent to external LLMs; and (3) offer an option to redact file previews by default.
功能分析
Type: OpenClaw Skill Name: guardrails Version: 1.0.1 The skill sends extensive workspace environment data, including skill details, previews of workspace files (first 20 lines), channel configurations, integration information, and user interview answers, to external LLM APIs (OpenAI/Anthropic). While this data transfer is arguably necessary for the skill's stated purpose of generating tailored guardrails and questions, it represents a significant data exposure risk to third-party services. This behavior is primarily observed in `scripts/generate_guardrails_md.py` and `scripts/generate_questions.py`. There is no clear evidence of intentional malicious data exfiltration to unauthorized endpoints or other harmful behaviors.
能力评估
Purpose & Capability
The skill's name and scripts align with an interactive guardrails generator: discover workspace, classify risks, ask questions, and generate GUARDRAILS.md. However, the runtime relies on external LLM providers (OPENAI_API_KEY or ANTHROPIC_API_KEY) for question generation and document generation, yet the registry metadata lists no required environment variables or primary credential. That mismatch between declared metadata and actual runtime needs is incoherent and should be fixed.
Instruction Scope
The SKILL.md instructs the agent to run discover.sh which reads workspace skills, many workspace files (USER.md, MEMORY.md, AGENTS.md, GUARDRAILS.md, etc.), and ~/.openclaw/openclaw.json; monitor.sh scans workspace/memory for keywords. The generate_* scripts then send the entire discovery/classification/answers JSON to external LLMs. That means potentially sensitive workspace content and memory entries will be transmitted off-host — this is within the skill's stated functionality (it needs context), but it is a significant data-exfiltration risk and is not fully surfaced in the registry metadata or with explicit cautions about what will be sent to third-party APIs.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). This is lower risk than an arbitrary installer. The scripts run locally and don't download remote code. They do require Python 'requests' and jq; README/SKILL.md mention those requirements. No network-based installer or suspicious download URLs were found.
Credentials
Although the skill logically needs an LLM provider to generate questions and the markdown output, the registry metadata does not declare OPENAI_API_KEY or ANTHROPIC_API_KEY as required environment variables. The code will call external APIs (OpenAI/Anthropic) and will send the full discovery payload (which includes file previews, skill SKILL.md contents, and potentially channel/config info). The skill also reads memory files. Asking for LLM API keys and then sending workspace data to those providers is proportionate to the feature, but the lack of explicit credential declarations and the breadth of data collected make this a privacy/credential disclosure concern.
Persistence & Privilege
The skill does not request always:true or modify other skills' configs. It writes GUARDRAILS.md and guardrails-config.json to the workspace when the user confirms (per SKILL.md). The README claims it does not create cron jobs or modify AGENTS.md. monitor.sh can be run manually or via cron, but the skill itself does not install persistent hooks.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install guardrails
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /guardrails 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Switched risk classification script from Node.js (classify-risks.js) to Python (classify-risks.py). - Updated workflow commands to use the new Python risk classifier. - Clarified that classification uses only the Python standard library. - Removed references to Node.js for classification step in documentation.
v1.0.0
guardrails 1.0.0 – Initial Release - Introduces interactive security guardrails setup with environment discovery, risk classification, and custom question flow - Generates tailored GUARDRAILS.md and guardrails-config.json files for the workspace - Adds review mode to check configuration against environment changes and update only where gaps are detected - Provides monitor mode to detect and report violations or changes, with optional notifications and suggestions - Ensures all changes are confirmed by user before writing to disk - Emphasizes a conversational, user-friendly experience throughout configuration
元数据
Slug guardrails
版本 1.0.1
许可证
累计安装 9
当前安装数 9
历史版本数 2
常见问题

Guardrails 是什么?

Interactively configure, review, and monitor security guardrails for your OpenClaw workspace by discovering risks, interviewing users, and generating GUARDRA... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2168 次。

如何安装 Guardrails?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install guardrails」即可一键安装,无需额外配置。

Guardrails 是免费的吗?

是的,Guardrails 完全免费(开源免费),可自由下载、安装和使用。

Guardrails 支持哪些平台?

Guardrails 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Guardrails?

由 dgriffin831(@dgriffin831)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论