← 返回 Skills 市场
176
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install permission-guard
功能描述
分层权限守卫系统。基于 Claude Code Permission System 设计,包含危险命令拦截、规则优先级链、自动模式白名单和拒绝追踪。
安全使用建议
This skill is internally consistent with being a local permission guard and doesn't request credentials or install anything. Before enabling it, consider: 1) Review and control the config file (~/.openclaw/permissions.json) format and contents so auto-whitelisting won't silently approve dangerous commands. 2) Disable or restrict any feature that lets the agent auto-update rules unless you require and audit that behavior. 3) Avoid using 'bypass' mode and keep defaultMode conservative (e.g., 'ask' or 'default'). 4) If you allow autonomous agent invocation, add audits or require explicit confirmations for saving rule changes. 5) Test the guard in a safe environment to ensure the rejection/allow rules behave as you expect. These mitigations reduce the operational risk even though the skill itself appears coherent.
功能分析
Type: OpenClaw Skill
Name: permission-guard
Version: 1.0.0
The 'permission-guard' skill is a defensive security framework designed to restrict an AI agent's actions through a layered permission system. It provides instructions in SKILL.md to implement command whitelisting, dangerous command interception (e.g., 'rm -rf', 'curl | bash'), and automated secret scanning for API keys and passwords. The bundle contains no executable code and focuses entirely on establishing safety boundaries and user-consent workflows.
能力评估
Purpose & Capability
Name and description match the actual contents: an instruction-only permission-checking system for command execution. The skill requests no binaries, credentials, or installs, which is proportional to a rules-and-checks design.
Instruction Scope
SKILL.md stays on-topic (command parsing, blacklists/whitelists, secret scanning, denial tracking, shadow-rule detection, hooks). It references reading/writing a user config (~/.openclaw/permissions.json) and logging/denial tracking — expected for a guard. However, the instructions include auto-mode rule updates and post-execution updates to rules (updateAutoModeRules), which give the agent discretion to change persistent policy; this is a behavior-level risk (not an incoherence) because it can silently broaden allowed actions if misused.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer step. Risk from installation mechanism is minimal.
Credentials
The skill declares no required environment variables, credentials, or external config paths. It proposes local secret-scanning regexes (e.g., sk-... patterns) which are reasonable for detecting sensitive tokens but do not by themselves request or exfiltrate secrets.
Persistence & Privilege
The skill suggests persisting user config and denial tracking under ~/.openclaw/permissions.json and updating auto-mode rules after decisions. Combined with the platform default (model invocation allowed), automatic rule updates could lead to gradual permission creep if an agent is allowed to act autonomously. There is no 'always: true' or system-wide config edits requested, and it does not ask to modify other skills' configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install permission-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/permission-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 分层权限守卫系统,基于 Claude Code Permission System,包含危险命令拦截、规则优先级链、自动白名单、拒绝追踪和敏感信息检测
元数据
常见问题
Permission Guard 是什么?
分层权限守卫系统。基于 Claude Code Permission System 设计,包含危险命令拦截、规则优先级链、自动模式白名单和拒绝追踪。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 176 次。
如何安装 Permission Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install permission-guard」即可一键安装,无需额外配置。
Permission Guard 是免费的吗?
是的,Permission Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Permission Guard 支持哪些平台?
Permission Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Permission Guard?
由 Sinnzen(@sinnzen)开发并维护,当前版本 v1.0.0。
推荐 Skills