← 返回 Skills 市场
1535
总下载
1
收藏
3
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-marshal
功能描述
Compliance and policy enforcement for agent workspaces. Define security policies, audit compliance, check command restrictions, and generate audit-ready reports. Free alert layer — upgrade to openclaw-marshal-pro for active enforcement, blocking, and automated remediation.
安全使用建议
This tool appears to be a local compliance/audit script and is mostly coherent with its description, but it can modify your workspace (quarantine/enforce/hooks). Before installing or running it: 1) Treat the package as untrusted until you verify its source—there is no homepage or known repo in the metadata. 2) Inspect the bundled scripts yourself (search for functions named enforce, quarantine, protect, os.remove, shutil.rmtree, os.rename, subprocess/os.system) to confirm what modifications will occur and when. 3) Run on a copy or non-production workspace first and back up your workspace. 4) If you intend to let agents call this skill autonomously, restrict or review agent permissions (or set disable-model-invocation) so it cannot run destructive commands without human approval. 5) Ask the publisher for a canonical source/repo and change logs; prefer installing from a verified repository. If you want help locating and reviewing the parts of scripts/marshal.py that implement quarantine/enforce, I can inspect those functions in more detail.
功能分析
Type: OpenClaw Skill
Name: openclaw-marshal
Version: 1.0.2
The OpenClaw Marshal skill is a security and compliance tool designed to audit other skills and the workspace against defined policies. It scans for dangerous command patterns (e.g., RCE risks like `curl|bash`, `eval()`, `os.system`), network policy violations, and configuration issues. Its 'Pro' features include active enforcement by quarantining non-compliant skills (renaming their directories) and generating defensive runtime hooks for agent environments to block dangerous commands or PII leaks. All operations are aligned with its stated security purpose, and there is no evidence of intentional malicious behavior such as data exfiltration, backdoor installation, or unauthorized remote control. The code adheres to its claim of 'No External Dependencies' and 'No network calls'.
能力评估
Purpose & Capability
Name/description claim a compliance/audit tool and the bundle contains a Python script that scans a workspace for commands, domains, and configuration—this is consistent. However marketing text says the free tier is 'alert only' while the included script implements active enforcement/quarantine/enforce/protect commands. The repository/homepage is unknown which reduces trust in provenance.
Instruction Scope
SKILL.md instructs the agent (or user) to run the included marshal.py against a workspace; the script auto-detects a workspace and scans/assesses all skills. The script also exposes operations that can modify state (enforce, quarantine, unquarantine, hooks, protect). Those are within the stated purpose but are potentially destructive (rename/move/quarantine skills, create hooks) and the README/marketing is inconsistent about whether active enforcement is part of the free skill. The runtime instructions and code give the agent broad discretion over workspace files—review and backups are recommended.
Install Mechanism
No install spec; the skill is instruction-only plus a bundled Python script. Nothing is downloaded from external URLs or installed automatically by the skill. The risk of supply-chain code being pulled at install time is low because everything is included in the bundle.
Credentials
No required environment variables or credentials are declared; the script optionally respects OPENCLAW_WORKSPACE to locate the workspace. There are no requested secrets or unrelated credentials in metadata. This is proportionate for a local-audit tool.
Persistence & Privilege
always:false (good). Model invocation is allowed (disable-model-invocation:false), which is the platform default. Because the script exposes enforcement/quarantine operations that modify other skills and workspace state, an autonomously-invoked agent could perform those changes if given the ability — combine that with the previous concern and treat autonomous invocation as a real risk unless you intentionally restrict it.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-marshal - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-marshal触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Removed references to "openclaw-marshal-pro" and the free/upgrade alert layer.
- Generalized the description by omitting upsell language.
- No changes to command structure, functionality, or usage examples.
- Documentation now presents the open-source version on its own.
v1.0.1
- Updated README.md for improved clarity and consistency.
- No functional or behavioral changes to the skill itself.
v1.0.0
Initial release of openclaw-marshal 1.0.0.
- Enables defining security and compliance policies for agent workspaces.
- Audits installed skills and workspace configurations against customizable rules for commands, network, data handling, and workspace hygiene.
- Generates detailed audit-ready compliance reports and concise status summaries.
- Requires no external Python dependencies and supports auto-detecting the workspace location.
- Upgrade path to active enforcement features via openclaw-marshal-pro.
元数据
常见问题
Openclaw Marshal 是什么?
Compliance and policy enforcement for agent workspaces. Define security policies, audit compliance, check command restrictions, and generate audit-ready reports. Free alert layer — upgrade to openclaw-marshal-pro for active enforcement, blocking, and automated remediation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1535 次。
如何安装 Openclaw Marshal?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-marshal」即可一键安装,无需额外配置。
Openclaw Marshal 是免费的吗?
是的,Openclaw Marshal 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Marshal 支持哪些平台?
Openclaw Marshal 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 Openclaw Marshal?
由 AtlasPA(@atlaspa)开发并维护,当前版本 v1.0.2。
推荐 Skills