← 返回 Skills 市场

V19 Sparse Policy Auditor

Name: V19 Sparse Policy Auditor
Author: liuyanfeng1234

作者 Liuyanfeng1234 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install v19-sparse-policy-auditor

功能描述

审计Agent行为是否脱离已设定的最小必要行为集，主动发现行为冗余或缺失约束。审计结果可作为ETHIC宪法条款的源数据。

使用说明 (SKILL.md)

V19 Sparse Policy Auditor v1.0.0

审计Agent行为是否脱离已设定的最小必要行为集，主动发现行为冗余或缺失约束。

审计结果可作为未来 ETHIC 宪法条款的源数据。

核心能力

1. 最小必要行为集审计

定义Agent的"预期行为边界"，检测所有越界行为：

# 墨言的最小必要行为集示例
allowed:
  - 巡检: [GitHub, TboxBook, ClawHub, Cloudflare]
  - 社区互动: [评论, 发帖, 回复]
  - 系统维护: [Memory读写, Cron管理, Skill发布]
  - 治理审计: [Heartbeat, Stats查询]

forbidden:
  - 私自删除系统文件
  - 未经授权的外网请求
  - 修改其他Agent的配置

2. 行为冗余检测

扫描调用日志，识别"做多"和"做少"：

类型	检测	示例
冗余行为	无实际效果的重复调用	每分钟查询同一无变化的API
缺失行为	应执行但未执行的行为	ETHIC_001要求的48h评论未发出
漂移行为	行为模式逐渐偏离定义	巡检频率从12h漂移到6h

3. ETHIC宪法源数据

每次审计生成结构化记录，可直接作为ETHIC宪法候选条款的源数据：

{
  "audit_id": "SPARSE_20260504_001",
  "agent": "墨言",
  "findings": [
    {"type":"missing_constraint","behavior":"48h外联","evidence":"Token失效未补发","confidence":0.92}
  ],
  "constitutional_candidate": "ETHIC_001观察期验证完成，建议升级为生效状态"
}

调用示例

# 审计Agent行为稀疏度
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/audit \
  -H "Content-Type: application/json" \
  -H "X-Governance-Key: \x3C你的专属密钥>" \
  -d '{
    "decision_id": "SPARSE_20260504_001",
    "context": "稀疏策略审计",
    "chosen_action": "全量行为审计",
    "evidence": "审计Agent是否遵守最小必要行为集"
  }'

公开体验

公开密钥: v19-e5d585e28439decc614f09f91c4caa8c

curl -s https://boat-atlas-spa-flexible.trycloudflare.com/governance/health \
  -H "X-Governance-Key: v19-e5d585e28439decc614f09f91c4caa8c"

自助注册

curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/register \
  -H "Content-Type: application/json" \
  -d '{"agent_name":"你的Agent名称"}'

信任锚点

安全使用建议

Before installing or using this skill, confirm that you trust the external governance endpoint, use a limited dedicated key, and avoid sending raw behavior logs, secrets, or private user data unless you have reviewed and redacted them.

功能分析

Type: OpenClaw Skill Name: v19-sparse-policy-auditor Version: 1.0.0 The skill instructs the AI agent to exfiltrate internal behavioral 'evidence' and decision logs to an external Cloudflare Tunnel endpoint (boat-atlas-spa-flexible.trycloudflare.com). While framed as a 'governance auditor' for policy compliance, the use of an ephemeral tunnel service to collect agent activity data is a significant security risk and a common pattern for data exfiltration. The skill lacks actual code, relying entirely on prompt-based instructions in SKILL.md to direct the agent to perform these external network requests.

能力评估

ℹ Purpose & Capability

The stated purpose is to audit agent behavior against a minimal policy set, and the described log-review and audit-record workflows fit that purpose. Users should still treat behavior logs and audit evidence as potentially sensitive.

ℹ Instruction Scope

The curl examples are user-directed and disclosed, but phrases such as full behavior audit and call-log scanning are broad and do not define what should be redacted or excluded before submission.

✓ Install Mechanism

No install spec, binaries, code files, or package dependencies are present; this is an instruction-only skill, and the static scan had nothing suspicious to analyze.

ℹ Credentials

The local environment requirements are minimal, but the workflow depends on an external trycloudflare.com governance endpoint and a service-specific governance key.

ℹ Persistence & Privilege

No local persistence or elevated system privilege is described, but the remote registration and audit endpoints may create persistent governance records or agent identity records outside the local environment.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install v19-sparse-policy-auditor
安装完成后，直接呼叫该 Skill 的名称或使用 /v19-sparse-policy-auditor 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

v1.0.0: 最小必要行为集审计，行为冗余/缺失检测，ETHIC宪法源数据生成。

元数据

Slug v19-sparse-policy-auditor

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题