← 返回 Skills 市场

Kevros Governance

Name: Kevros Governance
Author: knuckles-stack

作者 knuckles-stack · GitHub ↗ · v0.3.8 · MIT-0

cross-platform ⚠ suspicious

271

总下载

当前安装

版本数

在 OpenClaw 中安装

/install kevros-governance

功能描述

Implements cryptographic governance for AI agents by verifying actions against policies and recording signed, tamper-evident audit trails.

使用说明 (SKILL.md)

Kevros — Governance-as-a-Service for AI Agents\r

\r Every agent action verified. Every decision recorded. Every record signed.\r \r

What This Does\r

\r Kevros adds cryptographic governance to any AI agent. Before your agent takes an action (deploy code, move money, access data), Kevros evaluates it against your policies and returns a signed decision: ALLOW, CLAMP (adjusted to safe bounds), or DENY.\r \r Every decision is appended to a hash-chained, tamper-evident evidence ledger. Auditors can verify the entire chain without your source code.\r \r

Quick Start\r

from kevros_governance import GovernanceClient\r
\r
client = GovernanceClient(agent_id="my-agent")\r
result = client.verify(\r
    action_type="trade",\r
    action_payload={"symbol": "AAPL", "qty": 100},\r
    agent_id="my-agent",\r
)\r
print(result.decision)  # ALLOW, CLAMP, or DENY\r
```\r
\r
Or use the API directly:\r
\r
```bash\r
# Get a free API key (instant, no credit card)\r
curl -X POST https://governance.taskhawktech.com/signup \\r
  -H "Content-Type: application/json" \\r
  -d '{"agent_id": "my-agent"}'\r
\r
# Verify an action\r
curl -X POST https://governance.taskhawktech.com/governance/verify \\r
  -H "X-API-Key: kvrs_..." \\r
  -H "Content-Type: application/json" \\r
  -d '{"action_type": "deploy", "action_payload": {"service": "api"}, "agent_id": "my-agent"}'\r
```\r
\r
## Governance Primitives\r
\r
| Primitive | What It Proves | Cost |\r
|-----------|---------------|------|\r
| **Verify** | Agent is authorized — signed ALLOW/CLAMP/DENY | $0.01 |\r
| **Attest** | Action happened — hash-chained evidence | $0.02 |\r
| **Bind** | Intent matched command — cryptographic binding | $0.02 |\r
| **Bundle** | Compliance evidence package — independently verifiable | $0.25 |\r
| **Media Attest** | Media file integrity — SHA-256 in provenance chain | $0.05 |\r
\r
Free endpoints: verify-outcome, verify-token, verify-certificate, reputation lookup, passport, media verify.\r
\r
## Payment\r
\r
- **Free tier**: 1,000 calls/month, instant signup, no credit card\r
- **x402 (USDC on Base)**: Pay per call, no API key needed\r
- **Subscription**: Scout $29/mo, Sentinel $149/mo, Sovereign $499/mo\r
\r
## Why Agents Need This\r
\r
- **Audit trails**: When regulators ask "who authorized this agent action?", you have cryptographic proof\r
- **Fail-closed safety**: If governance fails, the agent stops. Not the other way around\r
- **Trust between agents**: Agent B can verify Agent A's release token without trusting Agent A\r
- **Evidence chain**: Hash-chained, append-only, independently verifiable\r
\r
## Integration\r
\r
- **Python SDK**: `pip install kevros`\r
- **TypeScript SDK**: `npm install @kevros/agentkit`\r
- **MCP**: `https://governance.taskhawktech.com/mcp/`\r
- **A2A**: `https://governance.taskhawktech.com/.well-known/agent.json`\r
- **x402**: `https://governance.taskhawktech.com/.well-known/x402`\r
- **REST API**: `https://governance.taskhawktech.com/api`\r
\r
Works with LangChain, CrewAI, OpenAI Agents SDK, Microsoft Agent Framework, and any HTTP client.\r
\r
## Links\r
\r
- Website: https://www.taskhawktech.com\r
- API Docs: https://governance.taskhawktech.com/api\r
- Quickstart: https://www.taskhawktech.com/quickstart\r
- Playground: https://www.taskhawktech.com/playground\r

安全使用建议

This skill reads like a legitimate governance service, but important questions remain: the registry entry provides no source repository or homepage provenance and the SKILL.md tells you to install third-party SDKs and call an external API (governance.taskhawktech.com). Before installing or using it: 1) Ask the publisher for links to the SDK source code (GitHub repo), package pages on PyPI/NPM, and API documentation; verify package names, maintainers, and checksums. 2) Review the SDK source code (or have it audited) before pip/npm install. 3) Do not send secrets, private keys, or high‑value data to the service until you confirm its trustworthiness and privacy policy. 4) Test interactions in a network‑restricted sandbox and monitor network calls. 5) Consider limiting the agent so it requires explicit user confirmation before invoking external governance endpoints. If the publisher cannot provide verifiable repository URLs and documentation, treat this skill as risky and avoid installing or using its SDKs or API keys.

功能分析

Type: OpenClaw Skill Name: kevros-governance Version: 0.3.8 The bundle contains documentation and metadata for 'Kevros,' a Governance-as-a-Service platform for AI agents. The SKILL.md file provides instructions and API examples for integrating cryptographic verification and audit logging via external endpoints (governance.taskhawktech.com). There is no executable code, evidence of data exfiltration, or malicious prompt injection; the instructions are consistent with the stated purpose of providing a safety and auditing framework for agent actions.

能力评估

✓ Purpose & Capability

Name and description claim cryptographic governance and the SKILL.md consistently describes verify/attest/bind primitives, API endpoints, SDK install commands and pricing. The requested capabilities align with the stated purpose.

ℹ Instruction Scope

The SKILL.md contains concrete runtime instructions (SDK usage examples, curl calls to governance.taskhawktech.com, and package install commands). It does not instruct the agent to read local secrets or system files, but it does direct network calls and use of API keys. Because this is instruction-only, those network calls would occur outside any packaged code — verify before sending sensitive data.

⚠ Install Mechanism

There is no install spec in the registry entry (lowest platform risk), but the instructions recommend installing third‑party packages (pip install kevros, npm install @kevros/agentkit). Those packages would come from public registries (PyPI/NPM) and are not provided or audited here — this is a supply‑chain risk and the skill gives no repo links or checksums.

ℹ Credentials

The skill declares no required env vars or credentials, but the examples expect an X-API-Key and direct signup to governance.taskhawktech.com. There is no guidance on key storage or scope. No unrelated credentials are requested, but sensitive data would be transmitted to an external service.

✓ Persistence & Privilege

Skill is instruction-only, has always:false, and does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high privileges here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install kevros-governance
安装完成后，直接呼叫该 Skill 的名称或使用 /kevros-governance 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.3.8

Kevros-governance 0.3.8 adds extensive new documentation and usage examples. - Introduced a comprehensive SKILL.md covering core features, governance primitives, payment plans, integration options, and quickstarts. - Clarified API, SDK, and payment options for easier onboarding. - Added detailed usage instructions for Python and REST API. - Provided a comparison table of governance primitives, costs, and supported endpoints. - Included links to website, documentation, and playground for fast access.

元数据

Slug kevros-governance

版本 0.3.8

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题