← 返回 Skills 市场
onechan

NORNR MCP Control

作者 NORNR · GitHub ↗ · v0.1.6 · MIT-0
cross-platform ✓ 安全检测通过
179
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install nornr-governance
功能描述
Put policy before paid actions, require approval for risky autonomous actions, and keep a finance-ready audit trail.
安全使用建议
This bundle is a thin wrapper around the official NORNR SDK and appears to do what it says, but take these precautions before enabling in production: 1) Fix or confirm the metadata mismatch (registry says no env var but SKILL.md requires NORNR_API_KEY). 2) Review the pinned PyPI package (nornr-agentpay==0.1.0) source/release to ensure it matches the claimed repo. 3) Create a dedicated NORNR API key limited to the minimum scopes you need (avoid broad workspace/treasury admin keys). 4) Test in a non-production workspace to confirm queued/blocked states actually stop autonomous flows. 5) Consider disallowing autonomous invocation for this skill or require an operator step if you cannot tightly control the API key scope.
功能分析
Type: OpenClaw Skill Name: nornr-governance Version: 0.1.6 The nornr-governance skill is a defensive tool designed to act as a control layer for AI agents, preventing unauthorized financial spend or consequential actions without explicit approval. The implementation in nornr_governance.py is a transparent wrapper for the official nornr-agentpay library, and the instructions in SKILL.md and README.md focus on enforcing safety boundaries and auditability. No indicators of data exfiltration, malicious execution, or harmful prompt injection were identified.
能力评估
Purpose & Capability
The skill is a thin CLI bridge into the NORNR Python SDK (agentpay) to perform preflight/approval flows; requiring a NORNR API key and the pinned SDK is coherent with that purpose. However registry-level metadata in the bundle lists no required env vars while SKILL.md and README declare NORNR_API_KEY as required—this mismatch should be corrected.
Instruction Scope
SKILL.md instructs running the small wrapper CLI and setting NORNR_API_KEY (and optionally NORNR_BASE_URL/NORNR_AGENT_ID). Instructions do not request unrelated files, system-wide secrets, or unexpected endpoints beyond the NORNR service specified.
Install Mechanism
Installation is via pip using a pinned PyPI package (nornr-agentpay==0.1.0) from requirements.txt. This is a standard mechanism but does fetch third-party code; review the pinned SDK release/source before installing.
Credentials
The skill requires a single service credential (NORNR_API_KEY) which is appropriate, but the suggested API scopes include powerful write permissions (payments:write, approvals:write). Those scopes are reasonable for a control plane that can trigger or approve payments, but you should issue a dedicated key with minimum necessary scopes.
Persistence & Privilege
always:false (not force-included) and model invocation is allowed (platform default). Because the skill can exercise approval/payment actions via the NORNR API, enabling autonomous invocation increases blast radius—consider restricting autonomous use or requiring operator approval in your environment.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nornr-governance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nornr-governance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.6
Tighten first-read copy, add Cursor rule, add demo guidance, and position the skill as the control layer before consequential OpenClaw and MCP execution.
v0.1.5
Point OpenClaw homepage metadata to the public MCP control repo and keep SDK provenance explicit.
v0.1.4
Add hello world, copy-paste configs, default OpenClaw pack, raw execution rationale, and queued review guidance.
v0.1.3
Add explicit homepage and required NORNR credential metadata for OpenClaw registry consumers.
v0.1.2
Switch skill dependency to PyPI package nornr-agentpay==0.1.0 and tighten install/provenance guidance.
v0.1.1
Add pinned install spec, dependency provenance, and fail-closed dependency guard.
v0.1.0
Initial OpenClaw release: policy before paid actions, approval for risky autonomous actions, and finance-ready audit trails.
元数据
Slug nornr-governance
版本 0.1.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

NORNR MCP Control 是什么?

Put policy before paid actions, require approval for risky autonomous actions, and keep a finance-ready audit trail. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 179 次。

如何安装 NORNR MCP Control?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nornr-governance」即可一键安装,无需额外配置。

NORNR MCP Control 是免费的吗?

是的,NORNR MCP Control 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

NORNR MCP Control 支持哪些平台?

NORNR MCP Control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 NORNR MCP Control?

由 NORNR(@onechan)开发并维护,当前版本 v0.1.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论