chitin-moat

v1.0.0

Enforce contextual permission boundaries for AI agents based on communication surface. Constrains agent capabilities (exec, file I/O, secrets, messaging) by...

⭐ 0· 285·0 current·0 all-time

by@adroidian

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included artifacts: example config, permission matrix, and three small helper scripts (validate, audit, resolve). The skill requests no env vars, binaries, or installs, which is proportionate for a configuration-and-audit helper.

ℹ

Instruction Scope

SKILL.md correctly instructs validating and auditing the chitin-trust-channels.yaml and integrating a 'resolve before responding' step into AGENTS.md. Important: the skill only supplies static scripts and guidance — it does not itself enforce runtime capability restrictions inside an agent. Users must integrate the resolve step into their agent runtime to enforce ceilings; otherwise the guidance is advisory only.

✓

Install Mechanism

Instruction-only with small included Python scripts; no install spec, no downloads, no external package pulls. Low friction and low risk from installation.

✓

Credentials

No environment variables, credentials, or config paths are requested. Scripts read only the provided YAML config and produce console output. There is no network or external endpoint usage.

✓

Persistence & Privilege

Skill is not always-enabled and does not modify other skills or system-wide settings. It doesn't persist secrets or change system configuration; it only reads a user-provided config file.

Assessment

This skill is a coherent, advisory toolkit for mapping channels to trust levels — it does not automatically enforce those limits. Before relying on it: (1) integrate the resolve step into your agent runtime so capability ceilings are actually enforced, (2) review and supply correct channel/owner IDs in chitin-trust-channels.yaml, (3) test the integration thoroughly (the resolve script has minor bugs: when an override matches it returns a field named 'level' containing the override pattern instead of a level, and the DM detection logic may misclassify some channel ID formats), and (4) treat the permission matrix as policy guidance only — the agent or platform must implement the enforcement hooks (e.g., blocking exec, file I/O, or secret access) to make the controls effective.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b7h1xzjhvmhyv0qdr58ej598211p7

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

chitin-moat

License

Comments