dario-github

Nous Safety

by Dario Zhang · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
99 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install nous-safety
Description
Ontology-driven Agent safety layer. Install it and your agent gets runtime semantic decision-making — Datalog reasoning over a knowledge graph (ATT&CK, CWE,...
Usage Guidance
This skill appears to implement what it says, but proceed cautiously. Before installing:
  1. Inspect the GitHub repository and the exact commit the install script will clone (don't install blindly from an unknown tip).
  2. Review package code (especially top-level imports and any network calls) because pip install -e and the verification import will execute code.
  3. Run the install in an isolated environment or container and start in shadow mode as recommended.
  4. Only supply LLM API keys you understand and consider scoping/policy (the skill omits declaring these required env vars).
  5. Prefer pinning the repo to a specific release tag/commit rather than installing from trunk.
If you cannot review the repo, treat this as higher risk and avoid installing into production agents.
Capability Analysis
Type: OpenClaw Skill
Name: nous-safety
Version: 0.1.1
The skill bundle acts as an installer for an external security engine, but it utilizes risky 'supply chain' patterns by cloning and installing unverified code from a GitHub repository (dario-github/nous) into the user's home directory via scripts/install.sh. While the behavior is aligned with the stated purpose, the documentation in SKILL.md contains anomalies such as references to non-existent models (GPT-5-mini) and companion projects for 'agent-self-evolution,' which represent high-risk capabilities for an autonomous agent without clear safety boundaries.
Capability Assessment
Purpose & Capability
Name/description (ontology-driven runtime safety) align with the included instructions and files: the skill installs a Python package that provides gate/evaluate_request and a gateway hook for tool calls, and the SKILL.md shows use-cases consistent with a decision engine.
Instruction Scope
Instructions are scoped to installing the nous package, importing its gate/hook APIs, editing ontology/rules, and optionally integrating with an LLM. They do not instruct the agent to read unrelated system data. However the SKILL.md requires an LLM API key (for the semantic gate) and references config and log files, but the declared metadata does not list those credentials — this omission reduces transparency.
Install Mechanism
The install script (scripts/install.sh) clones the project directly from GitHub and runs pip install -e ., then verifies installation by importing the package. Cloning from a GitHub repo and pip-installing editable code is a common pattern, but it means arbitrary package code will be pulled and executed at install/import time, which is higher risk than instruction-only skills. The repo URL matches the homepage in SKILL.md, which reduces suspicion but does not remove the need to review the source.
Credentials
Registry metadata lists no required env vars, yet SKILL.md explicitly says an LLM API key (OpenAI/Anthropic/Google) is needed for the semantic gate and shows a model id referencing openai/gpt-5-mini. That is a material omission: the skill will likely require sensitive API credentials to operate but does not declare them, which is a transparency and privilege concern.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). Installation writes into $HOME/.nous (or NOUS_INSTALL_DIR) and creates config/log files under its directory; it does not request system-wide settings or modify other skills. This is typical for a local package.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nous-safety
  3. After installation, invoke the skill by name or use /nous-safety
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Add star prompt and companion project links
v0.1.0
- Initial release of the nous-safety skill: ontology-driven agent safety layer.
- Provides runtime semantic decision-making using Datalog reasoning over integrated security frameworks (ATT&CK, CWE, NIST CSF, ISO 27001).
- Starts in shadow mode (observe only), with the option to switch to primary mode for request blocking.
- Extensible: supports custom rules, entities, and knowledge subgraphs.
- Exposes Python API and OpenClaw gateway hook for agent integration.
- Includes metrics, configuration guidance, and installation instructions.
Metadata
Slug nous-safety
Version 0.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Nous Safety?

Ontology-driven Agent safety layer. Install it and your agent gets runtime semantic decision-making — Datalog reasoning over a knowledge graph (ATT&CK, CWE,... It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.

How do I install Nous Safety?

Run "/install nous-safety" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Nous Safety free?

Yes, Nous Safety is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Nous Safety support?

Nous Safety is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Nous Safety?

It is built and maintained by Dario Zhang (@dario-github); the current version is v0.1.1.
