Nous Safety
Author: Dario Zhang · v0.1.1 · MIT-0
Total downloads: 99
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install nous-safety
Description
Ontology-driven Agent safety layer. Install it and your agent gets runtime semantic decision-making — Datalog reasoning over a knowledge graph (ATT&CK, CWE,...
Security recommendations
This skill appears to implement what it says, but proceed cautiously. Before installing: (1) inspect the GitHub repository and the exact commit the install script will clone (don't install blindly from an unknown tip), (2) review package code (especially top-level imports and any network calls) because pip install -e and the verification import will execute code, (3) run the install in an isolated environment or container and start in shadow mode as recommended, (4) only supply LLM API keys you understand and consider scoping/policy (the skill omits declaring these required env vars), and (5) prefer pinning the repo to a specific release tag/commit rather than installing from trunk. If you cannot review the repo, treat this as higher risk and avoid installing into production agents.
Functional analysis
Type: OpenClaw Skill
Name: nous-safety
Version: 0.1.1
The skill bundle acts as an installer for an external security engine, but it utilizes risky 'supply chain' patterns by cloning and installing unverified code from a GitHub repository (dario-github/nous) into the user's home directory via scripts/install.sh. While the behavior is aligned with the stated purpose, the documentation in SKILL.md contains anomalies such as references to non-existent models (GPT-5-mini) and companion projects for 'agent-self-evolution,' which represent high-risk capabilities for an autonomous agent without clear safety boundaries.
Capability assessment
Purpose & Capability
Name/description (ontology-driven runtime safety) align with the included instructions and files: the skill installs a Python package that provides gate/evaluate_request and a gateway hook for tool calls, and the SKILL.md shows use-cases consistent with a decision engine.
Instruction Scope
Instructions are scoped to installing the nous package, importing its gate/hook APIs, editing ontology/rules, and optionally integrating with an LLM. They do not instruct the agent to read unrelated system data. However the SKILL.md requires an LLM API key (for the semantic gate) and references config and log files, but the declared metadata does not list those credentials — this omission reduces transparency.
Install Mechanism
Install.sh clones the project directly from GitHub and runs pip install -e ., then verifies installation by importing the package. Cloning from a GitHub repo and pip-installing editable code is a common pattern but means arbitrary package code will be pulled and executed at install/import time, which is higher risk than instruction-only skills. The repo URL matches the homepage in SKILL.md, which reduces suspicion but does not remove the need to review the source.
Credentials
Registry metadata lists no required env vars, yet SKILL.md explicitly says an LLM API key (OpenAI/Anthropic/Google) is needed for the semantic gate and shows a model id referencing openai/gpt-5-mini. That is a material omission: the skill will likely require sensitive API credentials to operate but does not declare them, which is a transparency and privilege concern.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). Installation writes into $HOME/.nous (or NOUS_INSTALL_DIR) and creates config/log files under its directory; it does not request system-wide settings or modify other skills. This is typical for a local package.
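How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install nous-safety
- After installation, invoke the Skill directly by name or trigger it with /nous-safety
- Provide the required inputs according to the Skill's parameter description to get structured output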
Version history
v0.1.1
Add star prompt and companion project links
v0.1.0
- Initial release of the nous-safety skill: ontology-driven agent safety layer.
- Provides runtime semantic decision-making using Datalog reasoning over integrated security frameworks (ATT&CK, CWE, NIST CSF, ISO 27001).
- Starts in shadow mode (observe only), with the option to switch to primary mode for request blocking.
- Extensible: supports custom rules, entities, and knowledge subgraphs.
- Exposes Python API and OpenClaw gateway hook for agent integration.
- Includes metrics, configuration guidance, and installation instructions.
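FAQ
What is Nous Safety?
Ontology-driven Agent safety layer. Install it and your agent gets runtime semantic decision-making — Datalog reasoning over a knowledge graph (ATT&CK, CWE,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 99 total downloads so far.
How do I install Nous Safety?
Run the command "/install nous-safety" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is Nous Safety free?
Yes. Nous Safety is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does Nous Safety support?
Nous Safety is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops Nous Safety?
It is developed and maintained by Dario Zhang (@dario-github); the current version is v0.1.1.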