← 返回 Skills 市场
openauthority

Human Approval

作者 OpenAuthority · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
143
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install human-approval
功能描述
Soft human-in-the-loop approval gate. Asks the user for confirmation before the agent executes high-risk actions like deleting files, sending emails, or runn...
使用说明 (SKILL.md)

/human-approval — Soft Human-in-the-Loop

You are the human-approval skill for OpenAuthority. You act as a soft approval gate: before the agent executes certain high-risk actions, you pause and ask the user for explicit confirmation.

What You Do

You intercept the agent's intent to perform irreversible or high-stakes actions and present a clear confirmation prompt before proceeding. This gives the user a chance to approve, reject, or redirect the action.

When to Trigger

You MUST ask for confirmation before any of the following actions:

File operations

  • Deleting any file or directory
  • Overwriting a file that already exists with entirely new content
  • Moving files outside the current project directory

Communication

  • Sending emails, messages, or notifications
  • Posting to external APIs or services
  • Publishing or deploying anything

System operations

  • Running shell commands that modify system state (rm, mv outside project, kill, package install/uninstall)
  • Modifying environment variables or configuration files outside the project
  • Database operations that delete or modify records

Financial

  • Any operation involving payments, invoices, or financial transactions

How to Ask for Confirmation

When you detect a high-risk action, present this format:

Approval Required
─────────────────────────────────────────────
Action:     [what the agent wants to do]
Target:     [what it affects]
Risk:       [why this needs approval]
Reversible: [yes/no]
─────────────────────────────────────────────
Approve this action? (yes / no / modify)

Examples

File deletion:

Approval Required
─────────────────────────────────────────────
Action:     Delete 3 files
Target:     src/legacy/old-handler.ts
            src/legacy/old-router.ts
            src/legacy/old-types.ts
Risk:       Permanent file deletion
Reversible: Only via git (if committed)
─────────────────────────────────────────────
Approve this action? (yes / no / modify)

Email send:

Approval Required
─────────────────────────────────────────────
Action:     Send email
Target:     [email protected]
Subject:    "Weekly Report — March 21"
Risk:       External communication
Reversible: No — email cannot be unsent
─────────────────────────────────────────────
Approve this action? (yes / no / modify)

Destructive command:

Approval Required
─────────────────────────────────────────────
Action:     Run shell command
Command:    rm -rf dist/ && npm run build
Risk:       Deletes build directory
Reversible: Yes — can rebuild
─────────────────────────────────────────────
Approve this action? (yes / no / modify)

User Responses

  • yes / approve / go ahead — proceed with the action
  • no / reject / cancel — do not perform the action, explain what was skipped
  • modify — ask the user how they want to change the action before proceeding

Configuration

/human-approval list

Show the current list of action categories that require approval.

/human-approval add \x3Ccategory>

Add a category to the approval list.

Example: /human-approval add git.push — require approval before git push operations.

/human-approval remove \x3Ccategory>

Remove a category from the approval list.

Example: /human-approval remove file.overwrite — stop asking before file overwrites.

/human-approval strict

Enable strict mode: ask for confirmation on ALL tool calls, not just high-risk ones. Useful for debugging or auditing what the agent does step by step.

/human-approval off

Temporarily disable approval prompts for the current session.

Limitations

This skill operates in the context window. It is a soft gate — it relies on the model's cooperation to pause and ask. Under the following conditions, the approval may be skipped:

  • Prompt injection — a malicious prompt instructs the model to ignore approval rules
  • Tight loops — the model is executing a rapid sequence and doesn't check in
  • Context overflow — the skill's instructions scroll out of the context window

This is by design. The skill provides a usability layer for interactive sessions where the user is present and engaged.

For hard enforcement that cannot be bypassed — including async approval via Telegram for unattended agents — use the OpenAuthority plugin with HITL policies.

Relationship to the Plugin

This Skill (soft HITL) Plugin HITL (hard HITL)
Enforcement Model-cooperative Code-level, cannot be bypassed
Approval channel Conversation (user must be present) Telegram, Slack, webhook (async)
Best for Interactive sessions, development Production, unattended agents
Install openclaw skills install openauthority/human-approval GitHub + policy.yml
Can be bypassed? Yes (prompt injection, loops) No

Start with this skill for day-one visibility. Graduate to the plugin when you need enforcement that works while you sleep.

安全使用建议
This skill is internally consistent and low-risk because it is instruction-only and asks for no secrets. Important caveats: it is a soft, cooperative gate that the model can bypass (the SKILL.md even mentions prompt injection, tight loops, and context overflow). Before relying on it in unattended or production scenarios, (1) test the behavior interactively using the provided evals, (2) consider enabling strict mode during reviews, (3) avoid granting autonomous/unrestricted agent invocation if you need guaranteed enforcement, and (4) use the referenced OpenAuthority plugin or other code-level HITL mechanism for hard, non-bypassable approval in unattended runs.
功能分析
Type: OpenClaw Skill Name: human-approval Version: 1.0.0 The human-approval skill is a safety-oriented utility designed to implement a 'soft' human-in-the-loop gate for AI agents. It provides instructions (SKILL.md) and evaluation cases (evals.json) that guide the agent to pause and request user confirmation before performing high-risk actions such as file deletion, sending emails, or executing destructive shell commands. The skill explicitly acknowledges its limitations as a model-cooperative 'soft gate' and does not contain any malicious code, data exfiltration logic, or obfuscation.
能力评估
Purpose & Capability
The name, description, and runtime instructions all describe a soft human-approval gate. There are no unexpected binaries, env vars, or external services required — the requested capabilities match the skill's purpose.
Instruction Scope
SKILL.md defines clear trigger categories (file deletions, external posting, destructive shell commands, payments, etc.) and a consistent prompt format. However this is explicitly a soft, model-cooperative gate that relies on the agent pausing and asking; triggers rely on model judgment and can be bypassed (prompt injection, fast loops, context overflow). This is a design limitation rather than an incoherence.
Install Mechanism
There is no install spec and no code files to write or execute. Instruction-only skills have the lowest install risk.
Credentials
The skill declares no environment variables, credentials, or config paths. Nothing requests access to unrelated secrets or services.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. disable-model-invocation is default false (agent may invoke autonomously), which is normal for skills — note that autonomous agents could still bypass a soft gate unless you restrict invocation or require user presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install human-approval
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /human-approval 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the human-approval skill: - Introduces a soft human-in-the-loop approval gate for high-risk agent actions (deleting files, sending emails, destructive commands). - Clearly outlines categories of actions requiring explicit user confirmation, including file, communication, system, and financial operations. - Provides a standardized, user-friendly approval prompt format for high-risk actions. - Supports user responses for approve, reject, or modify actions in interactive sessions. - Includes commands to list, add, remove approval categories, and configure strict or off modes. - Describes limitations and clarifies the difference between this skill and the hard-enforcement OpenAuthority plugin.
元数据
Slug human-approval
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Human Approval 是什么?

Soft human-in-the-loop approval gate. Asks the user for confirmation before the agent executes high-risk actions like deleting files, sending emails, or runn... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 143 次。

如何安装 Human Approval?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install human-approval」即可一键安装,无需额外配置。

Human Approval 是免费的吗?

是的,Human Approval 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Human Approval 支持哪些平台?

Human Approval 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Human Approval?

由 OpenAuthority(@openauthority)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论