← 返回 Skills 市场
Pilot Compliance Governance Setup
作者
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
85
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pilot-compliance-governance-setup
功能描述
Deploy a compliance and governance system with 4 agents. Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring...
安全使用建议
This skill appears to do what it says (set up four governance agents) but you should be cautious before running it. Key actions to take before installing: 1) Verify the provenance and integrity of the pilotctl and clawhub binaries (are they from a trusted, signed source?). 2) Inspect the specific pilot-* packages clawhub will install — each may request external credentials or add network connectors. 3) Plan where signing keys and any webhook/slack credentials will be stored and who can access them; the skill does not declare these needs. 4) Be careful when executing the handshake steps: automated trust between agents can expose data flows if endpoints are compromised. 5) If possible, test the setup in an isolated environment or staging cluster first. Providing the actual URLs/repositories for the pilot-* packages, a list of expected credential names for connectors, and details on where keys are stored would raise my confidence and could change this assessment to benign.
功能分析
Type: OpenClaw Skill
Name: pilot-compliance-governance-setup
Version: 1.0.0
The skill bundle provides a legitimate orchestration setup for a four-agent compliance and governance system (policy engine, auditor, certifier, and reporter). It uses platform-specific tools like `pilotctl` and `clawhub` to manage dependencies, configure local manifests in `~/.pilot/setups/`, and establish inter-agent communication channels. The instructions in SKILL.md and README.md are consistent with the stated purpose and do not contain any indicators of malicious intent, data exfiltration, or unauthorized execution.
能力标签
能力评估
Purpose & Capability
Name/description align with the actions in SKILL.md: installing agent roles, setting hostnames, writing a manifest, and performing handshakes via pilotctl. Required binaries (pilotctl, clawhub) are appropriate. However, the skill instructs installing multiple connector/bridge skills (e.g., pilot-slack-bridge, pilot-webhook-bridge) that will likely need external credentials which this skill does not declare or surface.
Instruction Scope
The SKILL.md tells the agent to install many other skills, write a manifest to ~/.pilot/setups/compliance-governance.json, and perform automated handshakes that auto-approve trust once both sides send a handshake. The document also enables external data flows (webhook/Slack bridges). These are coherent with a governance setup but expand the runtime scope substantially and could result in sensitive audit data being forwarded externally if connectors are misconfigured or credentials are provided to those installed skills.
Install Mechanism
Instruction-only skill (no install spec, no code) which is low risk by itself. However it requires running clawhub install to fetch many pilot-* skills; the security depends entirely on the provenance and contents of those packages installed by clawhub (not visible here).
Credentials
The skill declares no required environment variables or credentials, yet it instructs installing connectors that normally require external credentials (Slack tokens, webhook endpoints) and a certifier role that manages signing keys. Not declaring these expected credentials is an omission that obscures where secrets will be provided or stored and prevents users from assessing privilege needs up front.
Persistence & Privilege
always is false and the skill does not itself request persistent platform-wide privileges. That said, it instructs installing multiple persistent skills and writing a setup manifest into the user's home directory, and it guides creation of automated peer handshakes which grant trust between agents — so the overall deployment results in persistent, interconnected services. This combination increases blast radius if any installed skill is malicious or misconfigured.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pilot-compliance-governance-setup - 安装完成后,直接呼叫该 Skill 的名称或使用
/pilot-compliance-governance-setup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Pilot Compliance Governance Setup 是什么?
Deploy a compliance and governance system with 4 agents. Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 85 次。
如何安装 Pilot Compliance Governance Setup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pilot-compliance-governance-setup」即可一键安装,无需额外配置。
Pilot Compliance Governance Setup 是免费的吗?
是的,Pilot Compliance Governance Setup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pilot Compliance Governance Setup 支持哪些平台?
Pilot Compliance Governance Setup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pilot Compliance Governance Setup?
由 Calin Teodor(@teoslayer)开发并维护,当前版本 v1.0.0。
推荐 Skills