{"skill":{"slug":"enterprise-legal-guardrails","displayName":"Enterprise Legal Guardrails Public","summary":"Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).","description":"---\nname: enterprise-legal-guardrails\ndescription: Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).\n---\n\n# Enterprise Legal Guardrails\n\nUse this skill to preflight bot output before posting, messaging, or publishing anything that could create legal/compliance risk.\n\n## What it is\nA generic **outbound** guardrail checker used by workflows before they execute actions such as post/comment/message/chat/send in any app.\n\n## When to use\n- Before `create_post`, `create_comment`, `send_message`, or equivalent publish actions.\n- Before market-related commentary, strategy claims, or price/certainty statements.\n- Before HR-sensitive or workplace-adjacent messaging.\n- Before anti-spam or coordination-heavy communications.\n- Before handling or exposing personal identifiers.\n\n## Workflow\n\n1. Draft text.\n2. Run the checker with the matching action/profile.\n3. If the result is **PASS/WATCH**, proceed.\n4. If **REVIEW**, rewrite or route for human/legal review.\n5. 
If **BLOCK**, do not execute.\n\nUse it as a shared OpenClaw outbound safety layer for any skill that publishes content.\nBabylon is only one current integration example, not the primary purpose of the skill.\n\n## Quick usage\n\n```bash\npython3 scripts/check_enterprise_guardrails.py \\\n  --action post \\\n  --app <app_name> \\\n  --policies social antispam hr \\\n  --text \"Draft text here\"\n```\n\n```bash\npython3 scripts/check_enterprise_guardrails.py \\\n  --action comment \\\n  --scope include \\\n  --apps whatsapp,telegram \\\n  --text \"Draft text here\"\n```\n\n```bash\npython3 scripts/check_enterprise_guardrails.py \\\n  --action market-analysis \\\n  --text \"Market commentary...\" \\\n  --json\n```\n\n## App scope (global filtering)\n\nScope applies to any app-context passed with `--app` and these env vars (legacy names preserved for compatibility):\n\n- `ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_SCOPE` (`all|include|exclude`)\n- `ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_APPS` (comma-separated list)\n- `BABYLON_GUARDRAILS_SCOPE`\n- `BABYLON_GUARDRAILS_OUTBOUND_SCOPE`\n- `BABYLON_GUARDRAILS_APPS`\n\nExamples:\n\n- `all`: check all outbound content.\n- `include` + `whatsapp,email`: only check those apps.\n- `exclude` + `whatsapp,email,moltbook,babylon`: everything except these apps.\n\nIf scope is omitted, default is `all`.\n\n## Profiles\n\n- `social`: public social text, comments, announcements.\n- `antispam`: unsolicited/pumping/coordinating messaging.\n- `hr`: workplace, hiring, performance, or employee conduct language.\n- `privacy`: personally identifying data and private information disclosures.\n- `market`: market/financial claims and outcome assertions.\n- `legal`: legal conclusions/implication language.\n\nIf no profile is provided, defaults are derived from `--action`:\n- `post|comment|message` → `social,legal`\n- `trade|market-analysis` → `market,financial`\n- `generic` → `legal,social`\n\n## Output\n\n- `PASS`: safe to execute\n- `WATCH`: low risk; 
optional rewrite\n- `REVIEW`: human/legal review recommended\n- `BLOCK`: do not execute\n\n## Tuning\n\nYou can tune decision sensitivity via environment variables (or CLI flags in direct runs):\n\n- `ENTERPRISE_LEGAL_GUARDRAILS_REVIEW_THRESHOLD` (`default: 5`)\n- `ENTERPRISE_LEGAL_GUARDRAILS_BLOCK_THRESHOLD` (`default: 9`)\n\nCLI overrides:\n- `--review-threshold`\n- `--block-threshold`\n\nLegacy env-name prefixes are also supported as aliases: `ELG_*` and `BABYLON_GUARDRAILS_*`.\n\n## Universal outbound adapter (non-native integration path)\n\nFor skills/tools without native guardrail hooks (for example: Gmail, custom website\npublishing, custom message bots), run outbound operations through the wrapper:\n\n```bash\npython3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app <app_name>   --action <post|comment|message|trade|market-analysis|generic> --execute --text \"$DRAFT\"   -- <outbound command...>\n```\n\nExamples:\n\n```bash\n# Gmail via gog\npython3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app gmail --action message --execute --text \"Hello, ...\"   -- gog gmail send --to user@domain.com --subject \"Update\" --body \"Hello, ...\"\n\n# Website/publication publish flow\npython3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app website --action post --execute --text \"$POST_COPY\"   -- npm run publish-post \"$POST_COPY\"\n```\n\nUse this wrapper to apply the same policy checks in non-Babylon outbound flows.\n\n## Compatibility\n\nThe legacy name `legal-risk-checker` is preserved in OpenClaw workspaces that still reference it.\n\n## References\n\nSee `references/guardrail-policy-map.md` for the full policy rule set and suggested rewrites.\n\n## Packaging\n\nA distributable bundle is available at:\n- `dist/enterprise-legal-guardrails.skill`\n\n### Hardening controls for `guard_and_run.py`\n\nFor non-native outbound integrations, treat `guard_and_run` as an execution\nboundary. 
Recommended flags/env:\n\nExecution safety is allowlist-first by default. The wrapper requires an explicit\n`--allowed-command` (or env alias) unless `--allow-any-command` is explicitly enabled.\n\n- `--allow-any-command` / `ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND`\n  - Explicitly bypass allowlist enforcement (unsafe; audit-first use only).\n- `--suppress-allow-any-warning` / `ENTERPRISE_LEGAL_GUARDRAILS_SUPPRESS_ALLOW_ANY_WARNING`\n  - Suppresses the runtime safety warning when `--allow-any-command` is intentionally enabled.\n- `--allow-any-command-reason` / `ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_REASON`\n  - Mandatory rationale for any `allow-any` bypass invocation. Suggested format: `SEC-1234: emergency fix`.\n- `--allow-any-command-approval-token` / `ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_APPROVAL_TOKEN`\n  - Mandatory approval token for any `allow-any` bypass invocation; stored as a short token fingerprint in audit logs.\n- `--allowed-command <exe...>` / `ENTERPRISE_LEGAL_GUARDRAILS_ALLOWED_COMMANDS`\n  - Allow-list executables (supports comma/space lists and wildcards).\n- `--execute` / `ENTERPRISE_LEGAL_GUARDRAILS_EXECUTE`\n  - Enables execution after guard checks. 
Without this flag, runs are validation-only.\n- `--strict` / `ENTERPRISE_LEGAL_GUARDRAILS_STRICT`\n  - Escalate `REVIEW` to a hard block.\n- `--sanitize-env`\n- `--keep-env <VAR...>` / `--keep-env-prefix <PREFIX...>`\n- `--command-timeout`, `--checker-timeout`, `--max-text-bytes`\n- `--audit-log <file>` / `ENTERPRISE_LEGAL_GUARDRAILS_AUDIT_LOG`\n\nThese flags provide execution safety, command scoping, and an immutable trail for\npost-incident review without changing checker logic.\n","topics":["Privacy","Financial"],"tags":{"compliance":"1.0.20","latest":"1.0.20","legal":"1.0.20","openclaw":"1.0.20","safety":"1.0.20"},"stats":{"comments":2,"downloads":1700,"installsAllTime":63,"installsCurrent":3,"stars":2,"versions":20},"createdAt":1771309582150,"updatedAt":1778491563795},"latestVersion":{"version":"1.0.20","createdAt":1771474980142,"changelog":"**Added explicit --execute flag requirement for guard_and_run.py wrapper commands**\n\n- The guard_and_run.py script now requires the explicit --execute flag to actually run outbound commands; without it, runs are validation-only.\n- Documentation and usage examples in SKILL.md updated to include the new --execute requirement.\n- Clarified help text and usage guidance to reduce the risk of accidental command execution.\n- Tests updated to cover --execute flag enforcement.","license":null},"metadata":null,"owner":{"handle":"lawyered0","userId":"s172ccm19zjf0h5ahpgjt28na18856xf","displayName":"Lawyered","image":"https://avatars.githubusercontent.com/u/4802498?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779972291218}}