Openclaw Marshal

Compliance and policy enforcement for agent workspaces. Define security policies, audit compliance, check command restrictions, and generate audit-ready reports. Free alert layer — upgrade to openclaw-marshal-pro for active enforcement, blocking, and automated remediation.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.2k · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim a compliance/audit tool and the bundle contains a Python script that scans a workspace for commands, domains, and configuration—this is consistent. However marketing text says the free tier is 'alert only' while the included script implements active enforcement/quarantine/enforce/protect commands. The repository/homepage is unknown which reduces trust in provenance.
Instruction Scope
SKILL.md instructs the agent (or user) to run the included marshal.py against a workspace; the script auto-detects a workspace and scans/assesses all skills. The script also exposes operations that can modify state (enforce, quarantine, unquarantine, hooks, protect). Those are within the stated purpose but are potentially destructive (rename/move/quarantine skills, create hooks) and the README/marketing is inconsistent about whether active enforcement is part of the free skill. The runtime instructions and code give the agent broad discretion over workspace files—review and backups are recommended.
Install Mechanism
No install spec; the skill is instruction-only plus a bundled Python script. Nothing is downloaded from external URLs or installed automatically by the skill. The risk of supply-chain code being pulled at install time is low because everything is included in the bundle.
Credentials
No required environment variables or credentials are declared; the script optionally respects OPENCLAW_WORKSPACE to locate the workspace. There are no requested secrets or unrelated credentials in metadata. This is proportionate for a local-audit tool.
Persistence & Privilege
always:false (good). Model invocation is allowed (disable-model-invocation:false), which is the platform default. Because the script exposes enforcement/quarantine operations that modify other skills and workspace state, an autonomously-invoked agent could perform those changes if given the ability — combine that with the previous concern and treat autonomous invocation as a real risk unless you intentionally restrict it.
What to consider before installing
This tool appears to be a local compliance/audit script and is mostly coherent with its description, but it can modify your workspace (quarantine/enforce/hooks). Before installing or running it:

  1. Treat the package as untrusted until you verify its source: there is no homepage or known repo in the metadata.
  2. Inspect the bundled scripts yourself (search for functions named enforce, quarantine, protect, os.remove, shutil.rmtree, os.rename, subprocess/os.system) to confirm what modifications will occur and when.
  3. Run on a copy or non-production workspace first and back up your workspace.
  4. If you intend to let agents call this skill autonomously, restrict or review agent permissions (or set disable-model-invocation) so it cannot run destructive commands without human approval.
  5. Ask the publisher for a canonical source/repo and change logs; prefer installing from a verified repository.

If you want help locating and reviewing the parts of scripts/marshal.py that implement quarantine/enforce, I can inspect those functions in more detail.
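The inspection step in the checklist above can be done on the syntax tree rather than with a text search, which avoids hits in comments and strings. This is an added example, not part of the scan report or of the skill; `review_source` and `dotted` are hypothetical helpers, and the sample source is constructed for illustration and is not the contents of scripts/marshal.py.

```python
import ast

# Names taken from the checklist above; any call into subprocess also counts.
RISKY_CALLS = {"os.remove", "os.rename", "os.system", "shutil.rmtree"}
RISKY_MODULES = {"subprocess"}
RISKY_DEF_WORDS = ("enforce", "quarantine", "protect")


def dotted(node):  # 'a.b.c' for a Name/Attribute chain, None for anything else
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def review_source(source):
    """List (line, kind, name) for each definition or call to read by hand."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            if any(w in node.name.lower() for w in RISKY_DEF_WORDS):
                findings.append((node.lineno, "def", node.name))
        elif isinstance(node, ast.Call):
            name = dotted(node.func)
            if name and (name in RISKY_CALLS or name.split(".")[0] in RISKY_MODULES):
                findings.append((node.lineno, "call", name))
    return sorted(findings)


# Constructed sample, NOT the contents of the real scripts/marshal.py.
SAMPLE = '''import os, shutil, subprocess

def cmd_quarantine(skill_dir):
    os.rename(skill_dir, skill_dir + ".quarantined")

def cmd_audit(path):
    return os.listdir(path)

def install_hooks(repo):
    subprocess.run(["git", "config", "core.hooksPath", ".hooks"], cwd=repo)
    shutil.rmtree(os.path.join(repo, ".old-hooks"), ignore_errors=True)
'''

if __name__ == "__main__":
    print(*review_source(SAMPLE), sep="\n")
```

Calls reached through aliases (`from os import remove`, `import subprocess as sp`) are not resolved, so an empty result is a reason to keep reading the script, not a clearance.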

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
latestvk973hc5b4eg52wtc150g57k8k98116k7

Runtime requirements

📋 Clawdis
OS: macOS · Linux · Windows
Bins: python3

SKILL.md

OpenClaw Marshal

Define security policies for your workspace and audit compliance. Check installed skills against command, network, and data handling rules. Generate audit-ready compliance reports.

Why This Matters

Agent workspaces accumulate skills that execute commands, access the network, and handle data. Without a defined security policy, there is no way to know whether installed skills comply with your organization's requirements — or whether your workspace itself meets basic security hygiene standards.

This skill lets you define a policy once and audit everything against it.

Commands

Initialize Policy

Create a default security policy file (.marshal-policy.json) with sensible defaults.

python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace

Show Policy

Display the current active policy.

python3 {baseDir}/scripts/marshal.py policy --show --workspace /path/to/workspace

Policy Summary

Quick overview of loaded policy rules.

python3 {baseDir}/scripts/marshal.py policy --workspace /path/to/workspace

Full Compliance Audit

Audit all installed skills and workspace configuration against the active policy. Reports compliance score, violations, and recommendations.

python3 {baseDir}/scripts/marshal.py audit --workspace /path/to/workspace

Check Specific Skill

Check a single skill against the policy. Reports pass/fail per rule.

python3 {baseDir}/scripts/marshal.py check openclaw-warden --workspace /path/to/workspace

Generate Compliance Report

Produce a formatted, copy-pastable compliance report suitable for audit documentation.

python3 {baseDir}/scripts/marshal.py report --workspace /path/to/workspace

Quick Status

One-line summary: policy loaded, compliance score, critical violations count.

python3 {baseDir}/scripts/marshal.py status --workspace /path/to/workspace

Workspace Auto-Detection

If --workspace is omitted, the script tries:

  1. OPENCLAW_WORKSPACE environment variable
  2. Current directory (if AGENTS.md exists)
  3. ~/.openclaw/workspace (default)

What Gets Checked

| Category | Checks | Severity |
|---|---|---|
| Command Safety | Dangerous patterns (eval, exec, pipe-to-shell, rm -rf /) | CRITICAL |
| Command Policy | Blocked and review-required commands from policy | HIGH/MEDIUM |
| Network Policy | Domain allow/blocklists, suspicious TLD patterns | CRITICAL/HIGH |
| Data Handling | Secret scanner installed, PII scanner configured | HIGH/MEDIUM |
| Workspace Hygiene | .gitignore, audit trail (ledger), skill signing (signet) | HIGH/MEDIUM |
| Configuration | Debug modes, verbose logging left enabled | LOW |

Policy Format

The .marshal-policy.json file defines all rules:

  • commands.allow — Permitted binaries
  • commands.block — Blocked command patterns
  • commands.review — Commands requiring human review
  • network.allow_domains — Permitted network domains
  • network.block_domains — Blocked domains
  • network.block_patterns — Wildcard domain blocks (e.g., *.tk)
  • data_handling.pii_scan — Require PII scanning
  • data_handling.secret_scan — Require secret scanning
  • workspace.require_gitignore — Require .gitignore
  • workspace.require_audit_trail — Require ledger
  • workspace.require_skill_signing — Require signet
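How allow lists, block lists and wildcard patterns like these interact is easiest to see by evaluating a few inputs. The following is an added example, not the skill's own code: the nested JSON layout is inferred from the dotted key names, the precedence (block, then review, then allow) is an assumption, and `check_domain` and `check_command` are hypothetical names.

```python
import fnmatch
import json
import shlex

# Constructed sample policy. The nesting is assumed from the dotted key names
# above; the real file written by `policy --init` may be laid out differently.
POLICY = json.loads("""
{
  "commands": {"allow": ["git", "python3"],
               "block": ["rm -rf /*", "curl * | sh"],
               "review": ["sudo", "chmod"]},
  "network": {"allow_domains": ["github.com", "pypi.org"],
              "block_domains": ["pastebin.com"],
              "block_patterns": ["*.tk"]}
}
""")


def check_domain(policy, host):
    """Classify a hostname. Assumed precedence: block entries beat the allow list."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    net = policy["network"]

    def under(domain):  # exact match or true subdomain, never a bare suffix match
        return host == domain or host.endswith("." + domain)

    if any(under(d) for d in net["block_domains"]):
        return "block"
    if any(fnmatch.fnmatchcase(host, p) for p in net["block_patterns"]):
        return "block"
    return "allow" if any(under(d) for d in net["allow_domains"]) else "unlisted"


def check_command(policy, cmdline):
    """Classify a command line. Assumed precedence: block, then review, then allow."""
    cmds = policy["commands"]
    if any(fnmatch.fnmatchcase(cmdline, p) for p in cmds["block"]):
        return "block"
    parts = shlex.split(cmdline)
    binary = parts[0] if parts else ""
    if binary in cmds["review"]:
        return "review"
    return "allow" if binary in cmds["allow"] else "unlisted"
```

The `under` helper is the part most often gotten wrong: a plain `endswith("github.com")` would treat `notgithub.com` as allowed.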

Exit Codes

  • 0 — Compliant, no issues
  • 1 — Review needed (medium/high findings)
  • 2 — Critical violations detected

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

Files

3 total