← 返回 Skills 市场
maxime-xian

skill-governance

作者 maxime-Xian · GitHub ↗ · v2.1.0
cross-platform ⚠ suspicious
430
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install skill-governance
功能描述
OpenClaw Cognitive Operating & Skill Governance Kernel
安全使用建议
This skill is conceptually coherent with a governance kernel, but it contains ambiguous operational directives that could change files, archive or delete other skills, and push summaries externally without specifying where. Before installing: 1) Ask the author to clarify exact filesystem paths and required permissions for /memory and archived_skills/, and which service/endpoints (and credentials) are used for 'external synchronization'. 2) Confirm which bundles the skill may mount/unmount and get explicit allow-listing for those bundles. 3) Run the skill in a restricted sandbox with monitoring to observe file writes and outgoing connections. 4) If you cannot get clear answers, avoid enabling autonomous invocation or limit its scope and privileges.
功能分析
Type: OpenClaw Skill Name: skill-governance Version: 2.1.0 The skill `skill-governance` defines operational protocols for an AI agent. It is classified as suspicious due to two main capabilities outlined in `SKILL.md`: the automatic mounting of other skill bundles (e.g., `research.bundle`, `automation.bundle`) based on keywords, which poses a risk if those bundles are unvetted or malicious; and the mandatory external synchronization of task summaries for critical tasks, which is a data exfiltration capability that could be abused if the synchronization mechanism is insecure or unauthorized. These features represent significant vulnerability risks rather than explicit malicious intent.
能力评估
Purpose & Capability
The name/description as a 'cognitive operating & skill governance kernel' matches the SKILL.md: it defines perception, decision, mounting, lifecycle, and closure protocols. There are no unexpected environment variables, binaries, or installs requested that contradict its stated purpose.
Instruction Scope
The instructions mandate behaviors that involve system state and other skills: automatic 'mount/unmount' of bundles, writing forced archives to /memory/YYYY-MM-DD-task.md, moving skills to archived_skills/, and generating summaries for 'external synchronization'. The SKILL.md does not specify where /memory or archived_skills/ live, what API/endpoints should be used for external sync, or what authorization is needed. Those gaps create a risk that the agent will read/write files or transmit data outside expected boundaries or trigger other skills unexpectedly.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written at install time. This is lower risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it references filesystem locations and lifecycle operations that imply write/delete privileges over skill storage areas even though no config paths were declared in the manifest; that mismatch should be clarified.
Persistence & Privilege
always:false and model invocation allowed (normal). But the protocol includes lifecycle actions that move and mark other skills (archived_skills/, deletion candidates) and requires sending notifications before deletion. Those are operations that modify other skills' state or system-wide skill storage; the skill does not declare these config paths or required permissions, which is a privilege/footprint mismatch and a potential control risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-governance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-governance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.0
Major Upgrade: Cognitive Operating & Skill Governance Kernel v2.1
v1.3.0
Upgrade to Skill-FireControl Protocol (Signal Extraction + Hard Closing)
v1.2.0
Maxime Butler Protocol - Initial Release
元数据
Slug skill-governance
版本 2.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

skill-governance 是什么?

OpenClaw Cognitive Operating & Skill Governance Kernel. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 430 次。

如何安装 skill-governance?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-governance」即可一键安装,无需额外配置。

skill-governance 是免费的吗?

是的,skill-governance 完全免费(开源免费),可自由下载、安装和使用。

skill-governance 支持哪些平台?

skill-governance 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 skill-governance?

由 maxime-Xian(@maxime-xian)开发并维护,当前版本 v2.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论