Total downloads: 111
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install sidclaw-governance
Description
Add policy evaluation, human approval, and audit trails to any tool. Powered by SidClaw.
Security usage advice
This skill is coherent for its stated purpose but is high-impact: it routes all tool calls through a third-party proxy. Before installing:
1) Verify SidClaw's identity and trustworthiness (check the official GitHub repo, npm package @sidclaw/sdk, and docs).
2) Back up ~/.openclaw/openclaw.json before making changes.
3) Confirm precisely which env vars are actually required (README mentions SIDCLAW_UPSTREAM_CMD but the skill metadata does not) and avoid putting long-lived secrets in shared configs if you are unsure.
4) Prefer self-hosting or an enterprise deployment of the SidClaw proxy (or reviewing the @sidclaw/sdk code) if you need to keep data on-prem.
5) Test with non-sensitive tools/data first to confirm behavior.
If you want higher confidence, provide the skill's source code or the npm package/GitHub repo for review; seeing the @sidclaw/sdk code and release provenance would move this assessment toward 'benign.'
Functional analysis
Type: OpenClaw Skill
Name: sidclaw-governance
Version: 1.0.0
The skill bundle provides instructions and configuration for 'SidClaw', a governance and policy enforcement layer for OpenClaw agents. It contains no executable code itself, instead providing a README.md for manual configuration of an MCP proxy (@sidclaw/sdk) and a SKILL.md that instructs the AI agent to strictly adhere to security policies, respect tool denials, and wait for human approval when required. The behavior is transparently documented and explicitly designed to enhance the security posture of the agent by preventing unauthorized tool execution.
Capability assessment
Purpose & Capability
Name/description, required binaries (node), and required credentials (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) align with a governance/proxy service that evaluates tool calls. The declared primary credential (SIDCLAW_API_KEY) is appropriate for this purpose.
Instruction Scope
Runtime instructions tell the user to replace their MCP server config so every tool call is proxied through SidClaw. That is expected for a governance proxy, but it is high-impact: the proxy will see tool inputs/outputs and can block or delay actions. The SKILL.md does not instruct the agent to read unrelated files, but it does instruct editing ~/.openclaw/openclaw.json which affects agent-wide behavior.
Install Mechanism
This is an instruction-only skill (no install spec). The README and instructions rely on npx/@sidclaw/sdk at runtime (npx will fetch packages from npm). Fetching and executing packages via npx is a moderate-risk pattern (normal for JS tools but requires trusting the npm package and its publisher). No binary or archive downloads from unknown hosts are present in the skill itself.
Credentials
The two required env vars (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) are appropriate for a third-party governance service. However, the README lists additional required variables (e.g., SIDCLAW_UPSTREAM_CMD) that are not declared in the skill metadata — an inconsistency. Also, routing all tool traffic to an external API means the API key grants broad access to tool call metadata and possibly payloads; that is expected but high-privilege.
Persistence & Privilege
The skill does not set always:true and does not auto-run, which is correct. However, it explicitly asks the user to change the agent-wide MCP configuration (~/.openclaw/openclaw.json) so all tools are proxied. This is a cross-cutting change that affects every tool and therefore raises privilege/impact concerns if you do not fully trust the SidClaw service or SDK.
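How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install sidclaw-governance
- After installation, call the Skill by name directly or use /sidclaw-governance to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history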
v1.0.0
Add policy evaluation, human approval, and audit trails to any MCP server tool. Powered by SidClaw.
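Metadata
FAQ
What is SidClaw Governance?
Add policy evaluation, human approval, and audit trails to any tool. Powered by SidClaw. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 111 cumulative downloads so far.
How do I install SidClaw Governance?
Run the command "/install sidclaw-governance" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is SidClaw Governance free?
Yes, SidClaw Governance is completely free, is released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does SidClaw Governance support?
SidClaw Governance runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (macos, linux, windows).
Who developed SidClaw Governance?
It is developed and maintained by VlPetrov (@vladuzh); the current version is v1.0.0.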