Sanna Governance
Author: nicallen-exd · v1.0.0 · MIT-0
Total downloads: 87
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install sanna-governance
Description
Sanna governance — tool calls are governed transparently
Safe-use recommendations
This SKILL.md reads like documentation for a governance plugin rather than an implementation. Before installing or trusting it: 1) confirm that the referenced plugin (@sanna-ai/openclaw) actually exists on your platform and inspect its source/publisher and install mechanism; 2) ask who manages the Ed25519 signing keys and where receipts are stored (platform-controlled keys are safer than undisclosed env vars); 3) ask why 'node' is required when no code is included — is there an expected local helper?; 4) require a concrete description of escalation/human-approval flows and evidence the plugin enforces (not merely describes) policies. If these questions are unanswered, treat the skill as untrusted — it makes strong security claims but provides no implementation or key custody details.
Functional analysis
Type: OpenClaw Skill
Name: sanna-governance
Version: 1.0.0
The skill bundle contains metadata and documentation for 'Sanna Governance,' a framework designed to provide oversight, tool-gating, and cryptographic auditing for AI agent actions. The SKILL.md file describes a system that intercepts high-risk tool calls (like exec or bash) to validate them against a security constitution, which is a defensive and governance-oriented purpose. No executable code or malicious instructions were found in the provided files.
Capability assessment
Purpose & Capability
The name/description (governance, Ed25519 receipts, constitutions, enforcement) is coherent with a governance plugin, but the skill is instruction-only and declares no implementation or credentials. The SKILL.md also lists a requiresPlugin (@sanna-ai/openclaw) which is plausible, but the registry entry provides no plugin or homepage; additionally the manifest requires the 'node' binary despite no code being shipped — this mismatch is unexplained.
Instruction Scope
The instructions assert that a governance layer intercepts every tool call and emits Ed25519-signed receipts, but they do not specify how interception, signing, or receipt persistence are performed, nor where signing keys are stored or how human escalation is delivered. The prose gives policies and tiers but contains no operational steps; that leaves a big gap between claimed behavior and what the skill itself will do at runtime.
Install Mechanism
There is no install spec and no code files, so nothing is written to the host by the skill itself (lower risk). However, the governance functionality appears to depend on an external plugin (@sanna-ai/openclaw) which is not included or linked; this reliance is noted but not an install risk in itself.
Credentials
No environment variables or credentials are declared, yet the SKILL.md claims Ed25519-signed receipts — signing requires private keys or platform-managed keys. The lack of declared key material or a clear key custody model is a proportionality gap: either the platform provides keys (not documented) or the skill omitted critical requirements.
Persistence & Privilege
The skill does not request always: true, does not include code that would persist or modify other skills, and is user-invocable only. There are no declared config paths or privileges beyond normal; persistence/privilege requests appear reasonable.
How to use
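- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install sanna-governance
- Once installation completes, call the Skill by name or trigger it with /sanna-governance
- Provide the required inputs according to the Skill's parameter description to get structured output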
Version history
v1.0.0
Initial release of Sanna Governance.
- Introduces transparent governance for tool calls, enforcing a configurable constitution that defines allowed, blocked, or escalated actions.
- Applies governance automatically to every tool call without requiring special tool names or prefixes.
- Supports three possible outcomes per tool call: allowed, blocked, or escalated for human approval.
- Generates and persists Ed25519-signed cryptographic receipts for every governed action, providing proof of governance enforcement.
- Classifies tools into risk-based tiers to tailor governance levels.
- Requires the @sanna-ai/openclaw plugin for operation.
FAQ
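What is Sanna Governance?
Sanna governance — tool calls are governed transparently. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 87 downloads to date.
How do I install Sanna Governance?
Run the command "/install sanna-governance" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Sanna Governance free?
Yes. Sanna Governance is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Sanna Governance support?
Sanna Governance is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Sanna Governance?
It is developed and maintained by nicallen-exd (@nicallen-exd); the current version is v1.0.0.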