Governance Inheritance
v1.0.0
Hierarchical policy inheritance system for OpenClaw agents. Enables policies to be defined at organization, team, project, and session levels with automatic...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (hierarchical policy inheritance) align with the included files: init_governance.py creates policy YAML templates and validate_chain.py loads and validates policy chains. Required tools and paths (read/write under a GOVERNANCE_ROOT) match the stated functionality; nothing in the code requests unrelated cloud credentials or external services.
Instruction Scope
SKILL.md instructs use of exec, read, write tools and references GOVERNANCE_ROOT. The shipped scripts only read/write policy YAML files and validate rules; they do not execute arbitrary shell commands or contact network endpoints. Minor inconsistency: SKILL.md lists 'exec' as required but the provided Python scripts do not invoke external commands (they create/read YAML files). The templates and schema allow rules that reference sensitive system paths (e.g., /etc/*, ~), so you should review any policy files before applying them because those policies could control agent file/shell/http behavior.
Install Mechanism
No install spec; this is an instruction-only skill with included scripts. Nothing is downloaded or extracted from remote URLs. Risk from install mechanism is low.
Credentials
No required environment variables or credentials are declared. SKILL.md recommends an optional GOVERNANCE_ROOT (default ~/.openclaw/governance) which is proportional to storing policy files. The skill does not request unrelated secrets.
Persistence & Privilege
The skill writes and reads policy files under the user's governance root (default ~/.openclaw/governance). That level of persistence is expected for a governance/policy tool, but note it can modify files that affect agent behavior—review and back up existing governance data before initializing. always:false (normal); autonomous invocation is allowed by default (platform default) but is not itself unusual here.
Assessment
This skill is coherent for creating and validating hierarchical policy YAMLs and does not request credentials or perform remote installs. Before installing/running: (1) review the templates and any generated policies—they can reference sensitive paths (e.g., /etc/*, ~) and will influence what the agent is allowed to do; (2) back up your existing ~/.openclaw/governance if present; (3) validate policies with validate_chain.py (it requires PyYAML) in a safe environment; (4) be aware that although the code doesn't execute shell commands, the policies produced may enable or block agent actions elsewhere—only enable autonomous invocation if you trust the policy author and integration. If anything seems unexpected (extra env vars, network calls, or an install script that fetches remote code), stop and inspect the files first.
Like a lobster shell, security has layers — review code before you run it.
