← 返回 Skills 市场
ivanpantheon

Navil Policy

作者 ivanpantheon · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ 安全检测通过
121
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install navil-policy
功能描述
Reduce MCP token costs by up to 94% and enforce least-privilege tool access. Creates YAML policies that control which MCP tools each agent can see and call....
安全使用建议
This skill is internally consistent with its purpose — it tells you to install and run a policy proxy that filters MCP tool lists. Before installing: (1) review the navil GitHub repo and confirm package names/versions match what the SKILL.md references; (2) test navil and navil-shield in a non-production environment because the proxy will be on-path and can observe tool lists and usage; (3) inspect any auto-generated policy.yaml before accepting rules and keep manual rules in a backed-up file; (4) prefer installing in a sandbox/container or virtualenv rather than globally (the SKILL.md suggests pip which can modify system packages); and (5) verify community templates and the package checksum/signature if you need strong assurance. If you are uncomfortable with an on-path proxy inspecting agent traffic, do not deploy this in production without an architecture review.
功能分析
Type: OpenClaw Skill Name: navil-policy Version: 1.0.2 The navil-policy skill is a legitimate tool designed to optimize Model Context Protocol (MCP) token usage by filtering tool schemas. It installs the 'navil' Python package and provides instructions for the agent to manage YAML-based access policies in ~/.navil/. The code and instructions in SKILL.md and skill.json are consistent with the stated purpose of cost reduction and least-privilege security, with no evidence of data exfiltration, obfuscation, or malicious intent.
能力评估
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explains installing and using the 'navil' policy engine to filter MCP tool lists and reduce token cost. The only required binary is pip, which is needed to install the navil package the docs reference — this is proportionate to the described functionality.
Instruction Scope
Instructions stay on-topic: they tell the agent to install 'navil', generate or write policy YAML under ~/.navil, run policy checks, view logs, and enable navil-shield (a proxy shim). However, the auto-generate feature and the proxy operate on agent↔MCP traffic (observing calls/tool usage), which means the installed proxy will be on-path and able to inspect tool lists and usage. This is expected for the stated purpose but is a privacy/privilege consideration the user should accept explicitly.
Install Mechanism
There are no bundled binaries or remote downloads in the skill itself; the SKILL.md recommends using pip to install 'navil'. Using pip is reasonable and expected. Note: pip installs arbitrary Python packages (the SKILL.md even suggests a fallback that may alter system packages), so users should verify the package source/version before running installs.
Credentials
The skill declares no required environment variables or credentials and the instructions do not ask for unrelated secrets. The configuration is limited to policy files under the user's home (~/.navil).
Persistence & Privilege
always:false and agent autonomy settings are normal. The operational model requires deploying a proxy (navil-shield) that sits in the request path and caches/filters responses; that gives the installed software network-level visibility into MCP traffic. This is coherent with the goal but increases operational privilege and attack surface, so apply standard deployment precautions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install navil-policy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /navil-policy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix: version sync
v1.0.1
Fix: license is Apache-2.0 (not MIT)
v1.0.0
Initial release — token cost optimization via tool scoping
元数据
Slug navil-policy
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Navil Policy 是什么?

Reduce MCP token costs by up to 94% and enforce least-privilege tool access. Creates YAML policies that control which MCP tools each agent can see and call.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 121 次。

如何安装 Navil Policy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install navil-policy」即可一键安装,无需额外配置。

Navil Policy 是免费的吗?

是的,Navil Policy 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Navil Policy 支持哪些平台?

Navil Policy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Navil Policy?

由 ivanpantheon(@ivanpantheon)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论