← 返回 Skills 市场

Tool Governance

Name: Tool Governance
Author: lanyasheng

作者 _silhouette · GitHub ↗ · v2.4.0 · MIT-0

cross-platform ⚠ suspicious

204

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tool-governance

功能描述

工具使用安全与可靠性。当工具反复失败、agent 绕过权限否决、或需要破坏性操作保护时使用。不适用于 agent 提前停止（用 execution-loop）或上下文管理（用 context-memory）。参见 error-recovery（限速恢复）。

安全使用建议

What to check before installing: - Required tools: the scripts call git, jq, realpath and use md5/md5sum/shasum. Install those or run the skill in an environment that has them. - Files & persistence: the scripts write session state to HOME/.openclaw/shared-context/sessions (tool-errors.json, denials.json). SKILL.md mentions .claude/... but actual scripts use .openclaw — confirm where you want state stored and whether that location is acceptable. - Git side effects: the checkpoint hook can run git add / git stash push / git stash apply; this modifies repo index and stash list and may change working tree state. Do not deploy this on a production repository without backups; test in a disposable repo first. - No network exfiltration appears present, and no credentials are requested, but the skill does inspect assistant messages and tool payloads and persists them locally — consider privacy implications. - If you want to limit blast radius: run hooks in a sandbox or CI/test repo, ensure NC_SESSION is set correctly, or avoid enabling autonomous invocation until you vet behavior. - If you need the skill, consider editing scripts to simplify/limit git operations (e.g., avoid 'git add -A' or require explicit confirmation) and to declare required binaries in metadata so the runtime environment can be prepared. Confidence note: medium — the code is readable and coherent for its purpose, but the undeclared dependencies, path mismatches, and git side effects are significant enough to warrant caution.

功能分析

Type: OpenClaw Skill Name: tool-governance Version: 2.4.0 The bundle provides a set of safety guardrails for OpenClaw agents, including input validation to block dangerous commands (e.g., 'rm -rf /' or 'curl|sh' in tool-input-guard.sh), automatic backups via git stash before destructive operations (checkpoint-rollback.sh), and circuit breakers to prevent infinite retry loops or denial bypasses (tool-error-advisor.sh, denial-tracker.sh). The behavior is consistent with the stated goal of tool governance and lacks any indicators of malicious intent, data exfiltration, or unauthorized persistence.

能力评估

⚠ Purpose & Capability

The SKILL.md and scripts implement tool-governance patterns (error escalation, denial tracking, checkpoint/rollback, input guard) which align with the skill name and description. However the package does not declare required binaries (git, jq, realpath, md5/md5sum/shasum) even though the scripts rely on them; that mismatch between declared requirements (none) and actual runtime dependencies is an incoherence.

⚠ Instruction Scope

Runtime instructions and provided scripts read assistant messages and tool call payloads from stdin, persist state to the filesystem (session state under HOME/.openclaw/shared-context/sessions), and (for destructive Bash commands) modify git state (git add/stash/git stash apply). SKILL.md references outputs like .claude/tool-errors.json but scripts write to HOME/.openclaw/... — a concrete mismatch. Hooks also perform deterministic actions (permissionDecision / deny) and can auto-roll back git state; these are within governance scope but have side effects that should be explicit.

✓ Install Mechanism

This is instruction-only with bundled scripts and tests (no external install/download). No remote URLs or package installs are used, so install-time code download risk is low.

⚠ Credentials

The skill requests no declared credentials, but the scripts rely on environment variables (HOME and NC_SESSION/session_id) and create persistent files under the user's home directory. The filesystem and git modifications (creating stashes, adding files to index in some reference variants) are higher-privilege actions relative to a lightweight governance hook and were not explicitly called out in the metadata or requirements.

ℹ Persistence & Privilege

always:false and no autonomous-disable flag are fine. The skill writes persistent session state and checkpoint stashes and thus gains ongoing state in the user's HOME; this is expected for a governance/tracking tool but you should be aware it will persist and may alter git state if run in a repo.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tool-governance
安装完成后，直接呼叫该 Skill 的名称或使用 /tool-governance 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.4.0

Add settings.json configs, hookSpecificOutput formats, manual workarounds, failure modes

v2.2.0

SKILL.md rewrite: expanded patterns with reference links, PreToolUse updatedInput docs

v2.1.0

CRC knowledge补充 + SKILL.md结构优化 (Workflow/example/Output/Related) + 新 pattern (3.8 auto-compact breaker, 5.7 anti-stampede)

v2.0.0

v2.0.0: independent axis skill from execution-harness monorepo

元数据

Slug tool-governance

版本 2.4.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

Tool Governance 是什么？

工具使用安全与可靠性。当工具反复失败、agent 绕过权限否决、或需要破坏性操作保护时使用。不适用于 agent 提前停止（用 execution-loop）或上下文管理（用 context-memory）。参见 error-recovery（限速恢复）。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 204 次。

如何安装 Tool Governance？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tool-governance」即可一键安装，无需额外配置。

Tool Governance 是免费的吗？

是的，Tool Governance 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Tool Governance 支持哪些平台？

Tool Governance 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Tool Governance？

由 _silhouette（@lanyasheng）开发并维护，当前版本 v2.4.0。