/install alfred-agent-governance
Agent Governance Skill
Runtime governance for AI agents in OpenClaw. Inspired by Microsoft Agent Governance Toolkit (MIT) and OWASP Agentic AI Top 10.
Features
1. Policy Engine (Phase 1)
Intercepts tool calls and applies YAML-based rules before execution.
Rule types:
- deny_patterns: regex patterns blocked in tool params (SQL injection, privilege escalation)
- deny_tools: specific tools blocked for specific agents
- rate_limit: max calls per time window per agent
- require_approval: tools that need human approval before execution
- resource_limits: max tokens, max exec timeout per agent per session
2. Audit Logger (Phase 1)
Logs every tool call with agent identity, timestamp, params hash, result, and signature.
Output: Appends to memory/audit-log/YYYY-MM-DD.jsonl
Format (the signature field is not shown in this example, and the reference logger under "Usage in Sessions" below does not emit one yet):
```json
{"ts":"2026-04-23T15:00:00Z","agent":"coder","tool":"exec","params_hash":"sha256:...","result":"success","duration_ms":120}
```
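The feature list promises a signature on each audit line but the page does not show one. The following is an added example of how that can be done, written for this page and not the skill's own code: each line carries a `prev` field holding the previous line's signature and a `sig` field that is an HMAC-SHA256 over the canonical JSON of the line. The key, the `prev`/`sig` field names, the `genesis` marker for the first line and the in-memory list standing in for the `.jsonl` file are all assumptions of this example. The point a practitioner cares about is that an agent which rewrites its own "denied" to "success", or deletes the denied line, is caught at that line.

```python
import hashlib
import hmac
import json

# Constructed key for this example only. In a real deployment the key must live where the
# governed agents cannot read it (e.g. in the supervising process), otherwise a rogue agent
# can simply re-sign a rewritten log.
AUDIT_KEY = b"example-audit-key-do-not-use"
GENESIS = "genesis"  # 'prev' value of the first line of a log (assumption of this example)


def canonical(record):
    """Stable byte encoding so the signature does not depend on key order or whitespace."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_entry(entry, prev_sig, key):
    """Return a copy of entry with chain fields added.

    'prev' holds the previous line's signature, so removing, reordering or inserting
    lines breaks verification, not only editing a line in place.
    """
    record = dict(entry)
    record["prev"] = prev_sig
    record["sig"] = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return record


def append_entry(lines, entry, key):
    """Append one signed JSON line to `lines` (a list standing in for the .jsonl file)."""
    prev_sig = json.loads(lines[-1])["sig"] if lines else GENESIS
    lines.append(json.dumps(sign_entry(entry, prev_sig, key), sort_keys=True))


def verify_chain(lines, key):
    """Walk the log from the top. Returns (True, None) or (False, index of first bad line)."""
    prev_sig = GENESIS
    for i, line in enumerate(lines):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            return False, i
        sig = record.pop("sig", None)
        if sig is None or record.get("prev") != prev_sig:
            return False, i
        expected = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False, i
        prev_sig = sig
    return True, None


def tamper(lines, index, field, value):
    """Return a copy of the log with one field of one line rewritten and not re-signed."""
    edited = list(lines)
    record = json.loads(edited[index])
    record[field] = value
    edited[index] = json.dumps(record, sort_keys=True)
    return edited


def demo():
    # Constructed entries in the format documented above
    base = {"ts": "2026-04-23T15:00:00Z", "agent": "coder", "tool": "exec",
            "params_hash": "sha256:0123456789abcdef", "result": "success", "duration_ms": 120}
    log = []
    append_entry(log, base, AUDIT_KEY)
    append_entry(log, dict(base, ts="2026-04-23T15:00:05Z", result="denied"), AUDIT_KEY)
    append_entry(log, dict(base, ts="2026-04-23T15:00:09Z", tool="write"), AUDIT_KEY)
    intact = verify_chain(log, AUDIT_KEY)
    # An agent that rewrites its own "denied" to "success" is caught at that line
    edited = verify_chain(tamper(log, 1, "result", "success"), AUDIT_KEY)
    # Deleting the denied line is caught too: the next line's 'prev' no longer matches
    deleted = verify_chain([log[0], log[2]], AUDIT_KEY)
    return intact, edited, deleted


if __name__ == "__main__":
    print(demo())  # ((True, None), (False, 1), (False, 1))
```

Verification should run from a process the agents cannot write to, and the key must never be stored next to the log: with the key, the chain is trivial to regenerate.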
3. Kill Switch (Phase 1)
Provides commands to stop running agent sessions.
Usage:
```bash
# List active sessions
openclaw sessions --status active

# Kill a specific session
openclaw sessions kill <session-id>

# Emergency: kill all non-main sessions
openclaw sessions kill --all --exclude main
```
4. Permission Rings (Phase 2 - planned)
Three privilege levels inspired by CPU rings:
| Ring | Level | Access |
|---|---|---|
| Ring 3 (User) | 0 | Read-only, no tools |
| Ring 2 (Sandbox) | 1 | Limited tools, no exec, no network |
| Ring 1 (Restricted) | 2 | Most tools, exec with approval |
| Ring 0 (Full) | 3 | All tools, no restrictions |
5. Trust Scoring (Phase 3 - planned)
Behavioral trust score per agent (0-1000). Decreases on denials, increases on success. Trust decay over time.
Configuration
Create config/governance-rules.yaml:
```yaml
version: "1.0"
agents:
  coder:
    deny_patterns:
      - "DROP\\s+TABLE"
      - "rm\\s+-rf\\s+/"
      - "DELETE\\s+FROM\\s+users"
    rate_limit:
      exec: 50/hour
      write: 100/hour
    require_approval:
      - "exec.*sudo"
      - "exec.*systemctl"
  security:
    deny_tools:
      - "write"
      - "edit"
    rate_limit:
      web_search: 30/hour
  research:
    deny_tools:
      - "write"
      - "edit"
    rate_limit:
      web_fetch: 20/hour
  debug:
    deny_tools:
      - "write"
      - "edit"
```
Usage in Sessions
Before executing any tool call, check against rules:
```python
import hashlib
import json
import re
from datetime import datetime, timezone
from pathlib import Path

import yaml

RULES_FILE = "config/governance-rules.yaml"
AUDIT_DIR = "memory/audit-log"


def check_policy(agent, tool, params_str):
    """Returns (allowed: bool, reason: str).

    Only deny_tools and deny_patterns are evaluated here. rate_limit and
    require_approval need per-session state that this function does not keep.
    """
    # Rules are re-read on every call, so edits to the YAML take effect immediately
    with open(RULES_FILE) as fh:
        rules = yaml.safe_load(fh) or {}
    agent_rules = rules.get("agents", {}).get(agent, {})
    # Check deny_tools (entries are regexes, so "write" also matches "write_file")
    for denied in agent_rules.get("deny_tools", []):
        if re.search(denied, tool):
            return False, f"Tool '{tool}' denied for agent '{agent}'"
    # Check deny_patterns against the serialized params, case-insensitively
    for pattern in agent_rules.get("deny_patterns", []):
        if re.search(pattern, params_str, re.IGNORECASE):
            return False, f"Pattern matched: {pattern}"
    return True, "OK"


def log_audit(agent, tool, params_str, result, duration_ms):
    """Append one JSON line to today's audit log (UTC date in the file name)."""
    Path(AUDIT_DIR).mkdir(parents=True, exist_ok=True)
    now = datetime.now(timezone.utc)
    entry = {
        "ts": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "agent": agent,
        "tool": tool,
        # Only the first 16 hex chars (64 bits) of the SHA-256 digest are kept: enough to
        # correlate repeated calls, not an integrity check on the params themselves
        "params_hash": "sha256:" + hashlib.sha256(params_str.encode()).hexdigest()[:16],
        "result": result,
        "duration_ms": duration_ms,
    }
    log_file = f"{AUDIT_DIR}/{now.strftime('%Y-%m-%d')}.jsonl"
    with open(log_file, "a") as f:
        f.write(json.dumps(entry) + "\n")
```
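The reference `check_policy` above covers only `deny_tools` and `deny_patterns`, while the YAML also carries `rate_limit` and `require_approval` rules. The following is an added example, written for this page and not the skill's own code, of a policy engine that evaluates all four rule types: the `RULES` dict is what `yaml.safe_load` returns for the `coder` and `research` agents in the config above (constructed inline so the example runs without the file); the three-way verdict (`deny`, `approve`, `allow`), the `parse_rate` helper, the matching of `require_approval` patterns against `"<tool> <params>"` and the injectable clock are assumptions of this example. Evaluation order matters: hard denies come first so a denied call never consumes rate budget, and the rate window is a sliding window per agent and tool.

```python
import re
import time
from collections import defaultdict, deque

# What yaml.safe_load returns for the coder and research agents in config/governance-rules.yaml
# above (constructed here so the example runs without the file).
RULES = {
    "version": "1.0",
    "agents": {
        "coder": {
            "deny_patterns": [r"DROP\s+TABLE", r"rm\s+-rf\s+/", r"DELETE\s+FROM\s+users"],
            "rate_limit": {"exec": "50/hour", "write": "100/hour"},
            "require_approval": [r"exec.*sudo", r"exec.*systemctl"],
        },
        "research": {
            "deny_tools": ["write", "edit"],
            "rate_limit": {"web_fetch": "20/hour"},
        },
    },
}

WINDOW_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """'50/hour' -> (50, 3600). Anything else raises, so a typo in the YAML fails closed
    instead of silently disabling the limit."""
    m = re.fullmatch(r"\s*(\d+)\s*/\s*(second|minute|hour|day)\s*", spec)
    if not m:
        raise ValueError(f"bad rate_limit spec: {spec!r}")
    return int(m.group(1)), WINDOW_SECONDS[m.group(2)]


class PolicyEngine:
    """Verdicts are 'deny', 'approve' (park the call for a human) or 'allow'."""

    def __init__(self, rules, clock=time.monotonic):
        self.rules = rules
        self.clock = clock  # injectable so the window logic can be tested without sleeping
        self._calls = defaultdict(deque)  # (agent, tool) -> timestamps inside the window

    def evaluate(self, agent, tool, params_str):
        # Like check_policy, an agent with no rules block gets no restrictions (fail-open);
        # a stricter deployment would deny unknown agents instead.
        ar = self.rules.get("agents", {}).get(agent, {})
        # 1. Hard denies first: a denied call never consumes rate budget.
        for denied in ar.get("deny_tools", []):
            if re.search(denied, tool):
                return "deny", f"tool '{tool}' denied for agent '{agent}'"
        for pattern in ar.get("deny_patterns", []):
            if re.search(pattern, params_str, re.IGNORECASE):
                return "deny", f"pattern '{pattern}' matched"
        # 2. Sliding-window rate limit per (agent, tool).
        spec = ar.get("rate_limit", {}).get(tool)
        if spec is not None:
            limit, window = parse_rate(spec)
            now = self.clock()
            calls = self._calls[(agent, tool)]
            while calls and now - calls[0] >= window:
                calls.popleft()  # drop timestamps that have aged out of the window
            if len(calls) >= limit:
                return "deny", f"rate limit {spec} exceeded for '{tool}'"
            calls.append(now)
        # 3. Approval gating. The YAML patterns look like "exec.*sudo", so they are matched
        #    against "<tool> <params>" rather than the tool name alone.
        call_text = f"{tool} {params_str}"
        for pattern in ar.get("require_approval", []):
            if re.search(pattern, call_text, re.IGNORECASE):
                return "approve", f"human approval required ({pattern})"
        return "allow", "OK"


if __name__ == "__main__":
    engine = PolicyEngine(RULES)
    for agent, tool, params in [
        ("coder", "exec", "ls -la"),
        ("coder", "exec", "rm -rf /"),
        ("coder", "exec", "sudo systemctl restart nginx"),
        ("research", "write", "notes.md"),
    ]:
        print(agent, tool, engine.evaluate(agent, tool, params))
```

A call that returns `approve` has already consumed one unit of rate budget, since it was accepted by the engine and only parked for a human; the caller should execute it after approval without re-submitting it through `evaluate`.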
OWASP Agentic AI Mapping
| OWASP Risk | Mitigation |
|---|---|
| ASI01 Goal Hijacking | Semantic intent classification (Phase 2) |
| ASI02 Tool Misuse | deny_patterns + deny_tools |
| ASI03 Identity Abuse | Audit logger + agent identity |
| ASI05 Code Execution | Permission rings + resource limits |
| ASI06 Memory Poisoning | deny write patterns on memory files |
| ASI08 Cascading Failures | Rate limiting + circuit breakers |
| ASI10 Rogue Agents | Kill switch + trust scoring |
Roadmap
- Phase 1: Policy Engine (YAML rules), Audit Logger, Kill Switch
- Phase 2: Permission Rings, Semantic Intent Classifier
- Phase 3: Trust Scoring, Circuit Breakers, Compliance Reports
Author
Alfred (Joker's CEO Agent) — Inspired by Microsoft Agent Governance Toolkit (MIT license)
License
MIT
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install alfred-agent-governance
- After installation, invoke the skill by name or use /alfred-agent-governance
- Provide required inputs per the skill's parameter spec and get structured output
What is Alfred Agent Governance?
Enforces YAML-based runtime policies to intercept, audit, rate-limit, and stop AI agent tool calls for secure governance in OpenClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.
How do I install Alfred Agent Governance?
Run "/install alfred-agent-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Alfred Agent Governance free?
Yes, Alfred Agent Governance is free. The listing gives the license as MIT-0, while the README above says MIT; under either you can download, install and use it at no cost.
Which platforms does Alfred Agent Governance support?
Alfred Agent Governance is cross-platform: it runs anywhere OpenClaw / Claude Code is available.
Who created Alfred Agent Governance?
It is built and maintained by lJokerl (@lllljokerllll); the current version is v1.0.0.