Tork Guardian
Author: torkjacobs · GitHub · v1.0.2
1145 total downloads · 2 favorites · 0 current installs · 3 versions
Install in OpenClaw: /install tork-guardian
Description
AI governance and safety layer for OpenClaw agents. Protects against unsafe actions, redacts sensitive data, and generates compliance audit trails.
Safe-use recommendations
What to check before installing:
1) Provenance: this registry listing shows 'source: unknown' and advertises Requirements = none, but the package files (package.json, README, SKILL.md, src/) clearly expect a TORK_API_KEY and network access to tork.network and GitHub. Confirm you are installing the official package (check the npm package owner, the GitHub repository, and any package signatures or provenance attestations) and that the homepage (https://tork.network) is legitimate.
2) API key scope and trust: the SDK sends content and threat reports to the remote Tork API. Decide whether you trust that endpoint with redacted or raw content. Inspect how the client constructs requests (src/client.ts), use a limited-scope API key, and review the privacy and retention policies for tork.network.
3) Manifest mismatch: ask why the registry metadata omitted the required env and network declarations. Installers that rely on the registry may not prompt for network/env permissions, so that omission is an incoherence you should resolve before installing.
4) Prompt-injection strings: SKILL.md triggered prompt-injection pattern matches. Open SKILL.md and README and manually search for embedded instruction-like payloads; if present, ask the publisher to remove them or explain why they are harmless (example text versus a malicious injection).
5) Run the scanner locally first: for extra confidence, download the package source (for example with `npm pack`), then run a local audit and the bundled tork-scan CLI in a controlled environment (the package's scanner writes temp files and cleans them up). Review the network calls (axios usage) to see exactly what is sent.
6) Least privilege: if you enable this skill in production, use a configuration (e.g. strict policy, allowlist) that limits outbound domains and ports, and minimize logging of sensitive data. Because the client fails open when the Tork API is unreachable (requests pass through ungoverned rather than being blocked), governance can be bypassed for as long as the API is down; decide whether that behaviour matches your security posture.
If you cannot verify the package owner or the SKILL.md prompt artifacts, treat the package as untrusted until provenance and the manifest omissions are resolved.
Functional analysis
Type: OpenClaw Skill
Name: tork-guardian
Version: 1.0.2
This OpenClaw skill bundle, 'Tork Guardian', is a security and governance layer designed to protect AI agents. Its code and documentation consistently demonstrate an intent to detect PII, enforce policies, control tool access, and scan other skills for vulnerabilities. Key indicators include explicit blocklists for dangerous shell commands and sensitive file paths, network access controls (SSRF prevention, reverse shell detection), and a security scanner with rules to identify common vulnerabilities and prompt injection patterns. Network communication to `tork.network` and `api.github.com` is explicitly declared and justified by the skill's stated purpose (governance API and skill scanning, respectively). There is no evidence of intentional harmful behavior or data exfiltration beyond its stated security functions.
Capability assessment
Purpose & Capability
The skill claims to be a governance/safety layer, and the code implements PII redaction, network governance, and a scanner that reports to a Tork cloud API; those capabilities match the description. However, the registry metadata (Requirements section) claims no required env vars or credentials, while package.json, the SKILL.md examples, and the src code clearly require an API key (TORK_API_KEY) plus network access to https://tork.network and the GitHub API. That mismatch is an incoherence: a governance SDK legitimately needs the API key and network access, but the skill manifest did not declare them.
Instruction Scope
SKILL.md and README explicitly instruct usage that will (a) call out to a remote Tork API for governance/redaction, (b) run a local scanner that writes temp files when scanning provided source, and (c) follow examples that use process.env.TORK_API_KEY. The runtime instructions are generally scoped to the stated purpose (govern requests, network validation, scanning). However, pre-scan detection flagged prompt-injection patterns in SKILL.md (e.g. 'ignore-previous-instructions', 'you-are-now'), which could indicate an attempt to manipulate an agent's instruction-following; validate this manually (it could be a false positive or leftover example text).
Install Mechanism
No download-from-URL install is specified in the registry; the SKILL.md shows 'npm install @torknetwork/guardian' which is a normal package install. The included package.json and dist/ files mean code would be installed from npm (or from the registry bundle). There are no inline install scripts that fetch arbitrary remote archives in the provided files. The scanner writes temporary files when scanning a repo, which is expected for a scanner.
Credentials
The code and examples require an API key (TORK_API_KEY), and the package declares network permissions to talk to tork.network and api.github.com. Those credentials and network permissions are proportionate to a cloud-backed governance service and GitHub scanning. The problem is that the registry-level Requirements reported to the evaluator show 'none', an omission that could lead users to install without realizing the skill will need (and use) an API key and outbound network access. Also note that the library sends threat reports and content to the Tork API (reportThreat uses client.govern with threat details), so anything included in those strings (skill id, details) may be transmitted to the cloud.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings in the provided code. It performs temporary file writes only during scanning and otherwise operates in-process. Autonomous invocation is allowed (platform default) but not combined with any 'always' or other elevated privilege in this package.
How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Type the install command in the chat box: /install tork-guardian
- After installation, invoke the skill by name or trigger it with /tork-guardian
- Provide the required inputs described in the skill's parameters to receive structured output
Version history
v1.0.2
Initial public release of Tork Guardian 1.0.0.
- Adds comprehensive governance and network security layer for OpenClaw agents.
- Introduces policy enforcement (PII redaction, shell/file/network controls) with configurable tiers (minimal, development, production, enterprise).
- Integrates standalone security scanner CLI and programmatic API with risk scoring, compliance receipts, and Tork Verified badges.
- Includes pre-built configs, standalone utility functions, and full TypeScript/JS support.
- Extensive handling and logging for LLM requests, tool calls, and network activity.
- Removed obsolete and relocated scanner files and test configs for streamlined structure.
v1.0.1
Improved metadata and documentation clarity. Fail-open mode documented. Policy tiers documented.
v1.0.0
Initial release: AI governance and security for OpenClaw. PII redaction, policy enforcement, shell command blocking, port security, and compliance receipts.
FAQ
What is Tork Guardian?
AI governance and safety layer for OpenClaw agents. Protects against unsafe actions, redacts sensitive data, and generates compliance audit trails. It is an AI Agent Skill plugin for Claude Code / OpenClaw with 1145 downloads to date.
How do I install Tork Guardian?
Run the command "/install tork-guardian" in the OpenClaw or Claude Code chat box. Note that, despite the registry's 'Requirements: none' claim, the package itself expects a TORK_API_KEY environment variable and outbound access to tork.network and GitHub (see the safe-use recommendations above), so some configuration is needed after install.
Is Tork Guardian free?
Yes, Tork Guardian is free (open source) and can be downloaded, installed, and used freely.
Which platforms does Tork Guardian support?
Tork Guardian is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who develops Tork Guardian?
Developed and maintained by torkjacobs (@torkjacobs); current version v1.0.2.