Total downloads: 571
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install skillgate-gov
Description
Supply-chain governance for OpenClaw skills: scan, assess, quarantine/restore.
Security usage advice
This skill appears to do what it says: it runs an npm-scoped scanner to inspect a directory and can quarantine skills by moving files in the directory you pass. Before running it, consider: (1) prefer the pinned version shown in SKILL.md and run the provided npm view / dist.integrity verification to confirm package provenance; (2) run scans read-only where possible and only use quarantine/restore when you trust the tool; (3) be aware npx will fetch and execute code from the npm registry — if you have strict supply-chain requirements run the package in a sandbox or inspect its source first (the SKILL.md points to the GitHub repo); (4) avoid running quarantine on system or shared directories you don’t control. Overall the skill is internally consistent, but treat remote-executed packages and file-moving operations with standard caution.
Functional analysis
Type: OpenClaw Skill
Name: skillgate-gov
Version: 0.1.2
This skill bundle describes a 'SkillGate' governance tool designed to scan, assess, and quarantine/restore OpenClaw skills. The `SKILL.md` file clearly outlines its purpose, required binaries (`node`, `npm`), and the commands it executes via `npx`. While `npx` downloads and executes code, this is explicitly stated and aligned with the tool's function. The documentation also details its permissions, noting it's read-only by default but performs writes for quarantine/restore operations. There is no evidence of prompt injection, data exfiltration, obfuscation, or other malicious intent within the provided files; instead, it offers provenance verification steps. The described capabilities are consistent with a legitimate security governance tool.
Capability assessment
Purpose & Capability
Name/description state supply-chain governance for OpenClaw skills and the SKILL.md instructs the agent to run an npm-scoped package (@skillgate/...) via npx. The declared required binaries (node, npm) match that need; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions focus on scanning a provided directory and explain quarantine/restore as operations on the target directory. They recommend using npx with a pinned version and show verification steps. Important operational note: npx will download and execute code from the npm registry (network fetch on first run) and quarantine operations can move/modify files inside the directory you pass — both are expected for this purpose but are material security actions the user should be aware of.
Install Mechanism
There is no install spec for the skill itself, but runtime instructions rely on npx to fetch and run @skillgate/[email protected] from npm. This is a standard mechanism for Node tools but implies executing remote package code (moderate risk); the SKILL.md provides sensible verification commands (npm view, repo URL) to mitigate that risk.
Credentials
The skill requests no environment variables, credentials, or config paths — consistent with a local governance scanner that only needs node/npm and operates on a user-supplied directory.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. The only elevated action described is quarantining (moving/marking) files inside a target directory, which is appropriate for the stated functionality and scoped to the user-specified target.
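How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skillgate-gov
- Once installation completes, invoke the Skill by name or trigger it with /skillgate-gov
- Provide the required inputs according to the Skill's parameter description to get structured output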
Version history
v0.1.2
- Added a homepage link to the skill metadata, pointing to the GitHub repository.
- No other changes made to functionality or documentation.
v0.1.1
- Updated Quick Start instructions to recommend using npx with a pinned version instead of global npm install, enhancing supply-chain safety.
- Added steps for verifying package provenance and how to check metadata before running.
- Documented permissions, filesystem scope, and clarified that no secrets are required.
- Included local development instructions for using as a devDependency.
- Plugin command list, risk levels, and operating procedures remain unchanged.
v0.1.0
Initial release of skillgate-gov:
- Adds supply-chain governance tools for OpenClaw skills: scan, assess, quarantine, and restore.
- Provides commands to check risk levels, quarantine/restore skills, and review governance status.
- Documents risk categories and automatic actions (quarantine, disable, warn, log).
- Includes quickstart instructions for installation and usage with OpenClaw.
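FAQ
What is SkillGate Governance?
Supply-chain governance for OpenClaw skills: scan, assess, quarantine/restore. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 571 cumulative downloads to date.
How do I install SkillGate Governance?
Run the command "/install skillgate-gov" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is SkillGate Governance free?
Yes, SkillGate Governance is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does SkillGate Governance support?
SkillGate Governance is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SkillGate Governance?
It is developed and maintained by liyecom (@liyecom); the current version is v0.1.2.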