← 返回 Skills 市场
Sammā Suit
作者
OneZeroEight-ai
· GitHub ↗
· v0.1.0
1421
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install samma-suit
功能描述
Add 8 security governance layers to your OpenClaw agent — budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway protection.
使用说明 (SKILL.md)
\r \r
Sammā Suit — Security Governance for OpenClaw\r
\r You are helping the user install and configure Sammā Suit, an open-source security framework that adds 8 enforced governance layers to OpenClaw as lifecycle hooks.\r \r
What It Does\r
\r Sammā Suit intercepts OpenClaw's plugin hooks to enforce:\r
- NIRVANA — Kill switch. Blocks all activity if agent is terminated.\r
- DHARMA — Permissions. Checks tools against allowed permission set.\r
- SANGHA — Skill vetting. Blocks unapproved skills via allowlist + AST scanning.\r
- KARMA — Budget controls. Per-agent monthly spending caps with hard ceiling.\r
- BODHI — Isolation. Injects timeout, token, and resource limits per agent.\r
- METTA — Identity. Ed25519 cryptographic signing on outbound messages.\r
- SILA — Audit trail. Logs every tool call, message, and session event.\r \r
Installation\r
\r Run:\r
安全使用建议
This skill makes large claims (kill switch, auditing, signing, isolation) but provides no code, repo, or detailed instructions and asks only for an opaque SAMMA_API_KEY from an unknown source. Before installing or supplying an API key, ask the publisher for: (1) a public repository or homepage with source code and releases; (2) detailed docs describing exactly what data is sent to the SAMMA service, endpoints, and retention/acl policies; (3) how the skill modifies agent hooks or runtime configuration and what permissions it needs; (4) a minimal, auditable implementation or a sandboxed demo you can run locally; and (5) recommended scoping/rotation for the API key (least privilege, short-lived token, limited scope). If you must test now, do so in an isolated agent environment with sanitized inputs and an ephemeral API key, and do not provide production credentials or sensitive datasets until you verify provenance and the data-flow. If the publisher cannot produce source or clear data-flow guarantees, treat this skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: samma-suit
Version: 0.1.0
The skill bundle describes a security governance framework for OpenClaw and requires a `SAMMA_API_KEY` environment variable, which is a standard practice for API-driven services. Crucially, the `SKILL.md` file, which serves as the instruction set for the AI agent, contains no executable commands, network calls, or any instructions that could lead to data exfiltration, malicious execution, or prompt injection. The 'Installation' section is incomplete, stating 'Run:' but providing no actual commands, rendering the skill inert in terms of execution.
能力评估
Purpose & Capability
The name/description (8 governance layers) matches the single declared requirement (SAMMA_API_KEY) in the sense that a remote security service could implement these features. However, there is no homepage, repository, install mechanism, or code — so it's unclear how the claimed enforcement would be applied. That gap is disproportionate given the scope of the controls described (kill switch, signing, isolation, audit logging).
Instruction Scope
SKILL.md contains only high-level claims and metadata; it ends abruptly at "Run:" and provides no concrete runtime steps, endpoints, or data-flow descriptions. Because the skill's functionality implies intercepting hooks and sending/receiving security-relevant data, the lack of precise instructions means the agent (or the remote service) could be given broad discretion to read or transmit sensitive session, tool, or message data. The vagueness is a risk.
Install Mechanism
There is no install spec and no code files (instruction-only). That's lower surface area for local disk writes, but it also means the skill must rely on a remote service to provide enforcement. Absence of an install spec increases need for provenance (source repo, release artifacts) because the enforcement is opaque.
Credentials
Only one env var (SAMMA_API_KEY) is required and is declared as the primary credential. That is proportionate if the skill delegates to an external governance API. However, because there is no information about what the API consumes or logs (e.g., whether it receives full messages, tool inputs, or skill code), the single key could give broad access to sensitive data. Lack of scoping or documentation is a concern.
Persistence & Privilege
The skill is not marked always:true and is user-invocable; it does not request system-wide persistence or modification of other skills in the metadata. No direct privilege escalation is declared in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install samma-suit - 安装完成后,直接呼叫该 Skill 的名称或使用
/samma-suit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of samma-suit: security governance for OpenClaw
- Adds 8 security layers: budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway protection.
- Provides OpenClaw lifecycle enforcement through plugin hooks.
- User-invocable; requires SAMMA_API_KEY environment variable.
- Includes installation and configuration guidance in SKILL.md.
元数据
常见问题
Sammā Suit 是什么?
Add 8 security governance layers to your OpenClaw agent — budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway protection. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1421 次。
如何安装 Sammā Suit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install samma-suit」即可一键安装,无需额外配置。
Sammā Suit 是免费的吗?
是的,Sammā Suit 完全免费(开源免费),可自由下载、安装和使用。
Sammā Suit 支持哪些平台?
Sammā Suit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sammā Suit?
由 OneZeroEight-ai(@onezeroeight-ai)开发并维护,当前版本 v0.1.0。
推荐 Skills