← 返回 Skills 市场
Permission Manifest Guard
作者
honouralexwill
· GitHub ↗
· v0.1.1
· MIT-0
110
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install permission-manifest-guard
功能描述
Inspects an OpenClaw skill directory before install or execution, translates declared and observed requirements into a human-readable permission manifest, an...
安全使用建议
This skill appears coherent and implements a static permission manifest generator. Before running it: 1) Understand that its analysis is static only — it cannot see runtime behavior or transitive dependency actions; treat the manifest as an aid, not a proof. 2) The CLI will write permission-manifest.json into the inspected directory — run it on a copy or in a sandbox if you don't want repository files modified. 3) Inspect package.json dependencies (js-yaml) and run standard checks (npm install in an isolated environment, npm audit) if you plan to build/run locally. 4) Note the repository includes a CLAUDE.md that mentions an external 'saturnday' governance tool — that's documentation and not executed by the tool, but verify any external governance workflow separately. 5) If you need runtime/supply-chain guarantees (transitive dependency behavior, network reachability), use dynamic or dependency-specific scanners in addition to this tool.
功能分析
Type: OpenClaw Skill
Name: permission-manifest-guard
Version: 0.1.1
The 'permission-manifest-guard' skill is a static analysis security tool designed to audit other OpenClaw skills. It scans source code and metadata (SKILL.md, package.json) to identify declared versus observed permissions, such as network domains, shell commands, and environment variables. The logic in 'src/extract.ts' and 'src/classify.ts' uses regex-based heuristics to detect risky capabilities (e.g., eval, child_process) and calculate a risk score. The tool's behavior is transparent, well-documented, and lacks any indicators of data exfiltration, malicious execution, or prompt injection; it functions solely as a security guardrail for the OpenClaw ecosystem.
能力评估
Purpose & Capability
Name/description (permission manifest / static analysis) match the implementation: modules for discovery, extraction, classification, policy, and rendering exist (src/discovery.ts, src/extract.ts, src/classify.ts, src/policy.ts, src/render.ts). The declared capability in SKILL.md is read_filesystem and the code reads files from a supplied skill directory. No unrelated credentials or platform services are requested.
Instruction Scope
SKILL.md and README clearly limit the tool to static analysis of a supplied directory and describe expected outputs (markdown to stdout, JSON written to the target directory by the CLI). The CLI (src/cli.ts) does write permission-manifest.json into the inspected directory as a documented side effect. The code only scans files present in the target directory and does not perform network calls or attempt to access external credentials. Note: the repository includes a CLAUDE.md governance document that instructs running an external 'saturnday' tool — that is documentation only and not invoked by the code, but reviewers should be aware of it.
Install Mechanism
Registry metadata lists no install spec (instruction-only), which is low-risk. However, full source files are included in the package (TypeScript sources, package.json, package-lock.json). There is no automated install-from-URL or arbitrary archive extraction. The package.json declares ordinary npm deps (js-yaml) and devDependencies; there is no build/install script that fetches remote code beyond normal npm behavior. Slight mismatch: 'instruction-only' in registry vs presence of code files is benign but worth noting.
Credentials
The skill does not require environment variables or credentials and does not declare a primary credential. The code reads process.env occurrences in target code for detection purposes (extractors look for env-var usage) but does not itself read or transmit host credentials. It classifies env var names and flags likely secrets for the manifest; that is appropriate for its purpose.
Persistence & Privilege
The skill does not request permanent or elevated platform privileges (always:false). The CLI writes a permission-manifest.json file into the inspected skill directory (documented side effect). This write is proportionate to the stated behavior but you should be aware the tool modifies the inspected directory when run via the CLI. The code explicitly ignores symlinks during discovery (shouldIgnoreEntry) — this is a design choice, not a hidden privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install permission-manifest-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/permission-manifest-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Fix README.md read-only inconsistency: document that CLI writes permission-manifest.json into the target directory, programmatic API is pure
v0.1.0
Initial release: static analysis of OpenClaw skill directories, permission manifest generation, disposition recommendations
元数据
常见问题
Permission Manifest Guard 是什么?
Inspects an OpenClaw skill directory before install or execution, translates declared and observed requirements into a human-readable permission manifest, an... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 Permission Manifest Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install permission-manifest-guard」即可一键安装,无需额外配置。
Permission Manifest Guard 是免费的吗?
是的,Permission Manifest Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Permission Manifest Guard 支持哪些平台?
Permission Manifest Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Permission Manifest Guard?
由 honouralexwill(@honouralexwill)开发并维护,当前版本 v0.1.1。
推荐 Skills