← 返回 Skills 市场
schchit

JEP Guard

作者 JEP (Judgment Event Protocol) · GitHub ↗ · v2.0.4 · MIT-0
cross-platform ✓ 安全检测通过
493
总下载
1
收藏
3
当前安装
7
版本数
在 OpenClaw 中安装
/install jep-guard
功能描述
JEP Guard intercepts high-risk commands, requires user confirmation, issues temporary tokens, and logs actions with exportable audit receipts.
使用说明 (SKILL.md)

JEP Guard

Causal Operating System for OpenClaw Skills

Invisible protection. Complete audit. Trusted reputation.

Install

claw install jep-guard

Quick Start

# Initialize (interactive wizard)
claw run jep-guard init

# Start daemon (explicit manual start)
claw run jep-guard daemon --mode skill_os

# View dashboard
claw run jep-guard dashboard

What It Does

  • Protects — Blocks risky operations before execution (Causal Gate)
  • Audits — Records every judgment, delegation, verification in JEP format
  • Traces — Reconstructs "who did what and why" across multiple agents
  • Certifies — Gives skills reputation scores based on real performance

For Users

You: "Plan my trip to Tokyo"
planner-skill → search-skill → booking-skill

[JEP Guard] ✅ 12 events protected · 0 blocked · 1 chain

For Skill Developers

const guard = require('@jep-guard/sdk').init('my-skill');

// Before acting
const { token } = await guard.judge({ action: 'write', target: file });

// After acting
await guard.verify(eventId, 'approved', ['sha256:...']);

Architecture

OpenClaw Skills
      ↓
JEP Guard Daemon
  ├── Causal Gate      (pre-execution control)
  ├── Skill Registry   (identity + capabilities)
  ├── Causal Router    (cross-skill delegation)
  ├── Policy Engine    (OPA/Cedar rules)
  ├── Reputation       (objective scoring)
  └── Audit Stream     (JEP standard export)

Security Notes (v2.0.4)

  • Installer does not auto-start background processes.
  • No shell commands are executed during install/uninstall.
  • Full-protection mode requires explicit interactive consent.

References

安全使用建议
What to consider before installing: - The package appears to be exactly what it says: a local security/audit daemon that intercepts OpenClaw skill actions and writes audit logs to ~/.jep-guard. Its hooks use a local IPC socket and do not auto-start the daemon — you must start the daemon explicitly. - Review and verify the remaining daemon code (server/router/audit/registry files that were omitted/truncated in the bundle). Those files are responsible for the server-side behavior (network endpoints, any outbound calls, permissions) and are the highest-value review items for security. - Before enabling Full Protection (mode 'full' / manual init): - Inspect daemon/server.js (and router/audit/registry implementations) for any code that performs outbound network calls, binds non-local sockets, or performs privilege escalation. - Check file permissions for ~/.jep-guard (guard.key and audit files) to ensure keys and logs are readable only by the intended user (mode 600/700 used in scripts is appropriate). - When starting the daemon, confirm the IPC socket path ownership/permissions so an attacker cannot create or hijack the socket. Prefer running the daemon as a dedicated, non-root user. - If you want minimal risk initially: install in Passive mode (the installer defaults to it and the post-install script documents that) so you have SDK/logging without interception, and only enable Full mode after code review and manual testing in an isolated environment. - Because some files were truncated in the provided bundle, I recommend either inspecting the full source from the declared repository (https://github.com/hjs-foundation/jep-guard) or running the package in a sandbox/VM and monitoring network and filesystem activity before trusting it in production.
功能分析
Type: OpenClaw Skill Name: jep-guard Version: 2.0.4 JEP Guard v2.0.4 is a security and auditing framework for the OpenClaw ecosystem that implements the Judgment Event Protocol (JEP). It functions as a 'Causal Operating System' by intercepting skill executions via OpenClaw hooks to provide authorization gating, causal tracing, and reputation scoring. The codebase is professionally structured and demonstrates significant security hardening, such as the complete removal of shell command execution (child_process) in favor of pure Node.js APIs and the requirement for explicit user consent and manual daemon activation. No evidence of data exfiltration, unauthorized persistence, or malicious intent was found; the high-privilege capabilities requested (process control and local networking) are strictly aligned with its stated purpose as a security middleware.
能力标签
cryptorequires-walletrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description, manifest capabilities (process control, file_write, local IPC), lifecycle hooks, and SDK/hooks implementation all align: the package builds a local daemon, listens on a local socket, intercepts preExec/postExec/preDelegate calls, and writes audit logs to ~/.jep-guard. Declared risk_level 'critical' is reasonable given it intercepts skill execution.
Instruction Scope
Runtime instructions and hooks confine themselves to OpenClaw hooks, local filesystem (~/.jep-guard), and a local IPC socket (os.tmpdir()/jep-guard.sock). Hooks do not run arbitrary shell commands and have fallbacks if the daemon/socket is absent. Note: the guardCall uses a local TCP/UNIX socket — if some other local process could bind/replace that socket, it could alter behavior; the code relies on local IPC trust and the config/consent files to enable full mode.
Install Mechanism
This is an instruction-only skill manifest with included source and Node.js lifecycle hooks; the post-install and pre-uninstall scripts use only pure Node.js libraries (fs, tar, net, tweetnacl) and explicitly promise no spawn/exec or auto-start. There are no remote downloads in the shown scripts; dependencies are standard npm packages. No URL shorteners or remote extract operations seen in provided files.
Credentials
The skill declares no required environment secrets and lists only a few optional env flags (JEP_PASSIVE, JEP_LITE, CI, JEP_PURGE) used for installation modes. It writes keys and audit logs to a local config directory and documents that explicit consent is required to change OpenClaw runtime settings. Requested capabilities (local IPC, file write, process interception) match the stated purpose.
Persistence & Privilege
The skill does not set always:true and requires manual daemon start (post-install explicitly disables auto-start). The manifest and installer declare that enabling full protection modifies OpenClaw runtime settings only with explicit consent. This is a privileged capability (intercepting skill executions), but the package documents and implements explicit consent and local manual start — review of the daemon code (truncated here) is still recommended before enabling full mode.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install jep-guard
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /jep-guard 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.4
- Added new security notes in SKILL.md clarifying installation and execution behaviors. - Updated documentation to reflect explicit manual start for the daemon process. - Moved and reorganized test files for better structure; added __tests__/jep-core.test.ts, removed src/core/__tests__/jep-core.test.ts. - Added new executable script: bin/jep-guard.
v2.0.2
Version 2.0.2 of jep-guard contains no file changes. - No modifications were detected in this release. - Functionality, documentation, and configuration remain unchanged from the previous version.
v2.0.1
- No code or documentation changes in this release. - Version updated to 2.0.1 without content modifications.
v2.0.0
## v2.0.0 — Causal Operating System ### What's New **🔥 Causal Gate** — Pre-execution control. No JEP event, no execution. Default-deny with adaptive confirmation. **🌐 Cross-Agent Delegation** — Skills delegate through verified routing. Full causal chain with loop detection. **🏆 Skill Reputation** — Objective scores from verifiable JEP history. Check before you hire. **🔐 Built-in Ed25519** — Zero-config signing. Every event cryptographically verifiable offline. **📊 Interactive Dashboard** — Real-time causal graph. Export compliance reports in one command. **🔌 AEGIS Integration** — Records what AEGIS blocks. Prevention + traceability unified. ### UX Silent by default. 95% auto-approved. Minimal notifications. Graceful uninstall with data choice. ### Architecture v1.0.2: Local bodyguard → v2.0.0: Multi-agent causal OS with gate, registry, router, policy, reputation, dispute, audit. ### Breaking Config updated. Run `claw run jep-guard init` to migrate. ### Refs IETF: [JEP](https://datatracker.ietf.org/doc/draft-wang-jep/) · [JAC](https://datatracker.ietf.org/doc/draft-wang-jac/) · MIT-0
v1.0.2
Version 1.0.2 - Documentation & Accuracy Update Changes: - Removed references to unimplemented features (auto-approve, jepEnabled) - Fixed config handler filename to match manifest - Added clear privacy warnings and log level risk levels - Explicitly documented JEP SDK dependency - All docs now accurately reflect implemented features This release focuses on accuracy and transparency. No functional changes.
v1.1.0
# JEP Guard 1.0.1 - Privacy & Security Update ## 🔒 Privacy Improvements - **Default log level changed to MINIMAL** - Only command names are logged (was full arguments) - **Clear warning during installation** about logging practices - Configurable log levels: minimal (safe), normal (redacted), verbose (full) ## 🔑 JEP Signing Fix - **REMOVED ALL PLACEHOLDER KEYS** - No more "dev-key-placeholder" - Receipts only generated when user provides real private key - Added `keygen` command to generate Ed25519 key pairs ## 🛠️ Bug Fixes - Fixed environment variable handling (auth tokens now properly serialized) - Removed unnecessary network permissions - Added privacy warnings to documentation ## 📝 Full Details See SKILL.md for complete privacy disclosure and usage instructions.
v1.0.0
# JEP Guard 1.0.0 - Initial Release ## Features - 🛡️ High-risk command interception- Blocks dangerous commands like `rm`, `mv`, `cp` before execution - ✅ User confirmation dialog - Prompts for approval before allowing risky operations - 🔐 Temporary authorization tokens - 5-minute expiry tokens for one-time approvals - 📝 JEP Receipt generation - Every action gets a cryptographically verifiable receipt - 🔍 Audit logging & export - Complete log of all actions with `claw run jep-guard export` - ⚙️ Configurable settings - Toggle protection on/off with `claw run jep-guard config` - 🚀 Auto-approve feature - Mark trusted commands to skip confirmation - 🧹 Clean uninstall - Removes all logs and config files when uninstalled ## Security - All receipts follow the JEP protocol specification - Offline-verifiable proofs for every action - No telemetry or data collection
元数据
Slug jep-guard
版本 2.0.4
许可证 MIT-0
累计安装 3
当前安装数 3
历史版本数 7
常见问题

JEP Guard 是什么?

JEP Guard intercepts high-risk commands, requires user confirmation, issues temporary tokens, and logs actions with exportable audit receipts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 493 次。

如何安装 JEP Guard?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install jep-guard」即可一键安装,无需额外配置。

JEP Guard 是免费的吗?

是的,JEP Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

JEP Guard 支持哪些平台?

JEP Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 JEP Guard?

由 JEP (Judgment Event Protocol)(@schchit)开发并维护,当前版本 v2.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论