governance-guard
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the standard policy may treat many local reads and workspace file changes as already approved without asking again.
The standard policy, which the documentation recommends, approves all home-directory reads and workspace writes unless a sensitive-data rule matches first. This is disclosed and fits the governance purpose, but it is broad if an agent relies on it as an approval gate.
- name: allow-read-local
  ...
  target_pattern: "~/**"
  ...
  verdict: approve
- name: allow-write-workspace
  ...
  target_pattern: "./**"
  ...
  verdict: approve
Review or customize the policy before relying on it, especially for sensitive work; use the strict preset if you want explicit approval for more action types.
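To make the ordering point concrete, the following is an added illustration of first-match policy evaluation; it is not governance-guard's own engine. The `action` field, the default verdict of `ask`, the home and workspace paths, and the `sensitive-ssh` rule are all assumptions; the page only shows `name`, `target_pattern` and `verdict` for the two standard rules. It shows that a sensitive-data rule only protects anything when it is ordered before the broad `~/**` allow, and that resolving `..` before matching stops a workspace-relative write from escaping the workspace.

```python
# Added example (not governance-guard's code): first-match policy evaluation.
# Assumed: an `action` field on rules, a default verdict of "ask", and the
# home/workspace paths below. Patterns "~/**" and "./**" are from the policy excerpt.
import fnmatch
import posixpath
from dataclasses import dataclass

HOME = "/home/agent"            # assumed home directory of the agent process
WORKSPACE = "/home/agent/proj"  # assumed workspace that "./" patterns are relative to


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "read" or "write" (assumed field, not shown on the page)
    target_pattern: str  # glob such as "~/**" or "./**"
    verdict: str         # "approve", "deny" or "ask"


def _normalize(path: str) -> str:
    """Expand ~ and ./ and collapse '..' so patterns match against absolute paths."""
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    elif path == "." or path.startswith("./"):
        path = WORKSPACE + path[1:]
    return posixpath.normpath(path)


def matches(pattern: str, target: str) -> bool:
    pat = _normalize(pattern)
    tgt = _normalize(target)
    if pat.endswith("/**"):  # "dir/**" means dir itself or anything below it
        root = pat[:-3]
        return tgt == root or tgt.startswith(root + "/")
    return fnmatch.fnmatchcase(tgt, pat)


def evaluate(rules, action: str, target: str, default_verdict: str = "ask"):
    """Return (verdict, matched_rule_name); the first matching rule wins."""
    for rule in rules:
        if rule.action == action and matches(rule.target_pattern, target):
            return rule.verdict, rule.name
    return default_verdict, None


# The two rules quoted from the standard policy.
STANDARD = [
    Rule("allow-read-local", "read", "~/**", "approve"),
    Rule("allow-write-workspace", "write", "./**", "approve"),
]
# A sensitive-data rule (assumed) only helps if it is ordered before the broad allow.
SENSITIVE = Rule("sensitive-ssh", "read", "~/.ssh/**", "ask")
HARDENED = [SENSITIVE] + STANDARD
MISORDERED = STANDARD + [SENSITIVE]

if __name__ == "__main__":
    for policy, label in ((STANDARD, "standard"), (HARDENED, "hardened"), (MISORDERED, "misordered")):
        print(label, evaluate(policy, "read", "~/.ssh/id_ed25519"))
    print("traversal write", evaluate(STANDARD, "write", "./../.bashrc"))
```

With the standard preset a read of `~/.ssh/id_ed25519` is approved by `allow-read-local`; the same read is escalated to `ask` only when the sensitive rule precedes the broad allow, and appending it after the allow changes nothing. A write to `./../.bashrc` normalizes to a path outside the workspace, so `allow-write-workspace` does not match and the default applies.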
Sensitive details included in governed actions may remain in a local audit log across sessions.
The audit log is intentionally persistent and can contain the triggering user message and tool parameters, which may include sensitive context depending on how the skill is used.
The intent JSON must include ... `parameters`: tool parameters ... `userInstruction`: the user message that triggered this action ...
Governance data is stored in `~/.openclaw/governance/`: ... `witness.jsonl` — append-only, hash-chained audit log
Avoid putting secrets in action parameters or user instructions, restrict permissions on the ~/.openclaw/governance/ directory, and decide explicitly how long the log should be retained.
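The following is an added illustration of why redaction has to happen before an intent is written to a hash-chained log; it is not the skill's own code. The record layout (`seq`, `prev_hash`, `entry`, `hash`), the SHA-256 chaining rule, the secret-detection patterns and the sample intent are all constructed assumptions; the page only states that `witness.jsonl` is append-only and hash-chained and that intents carry `parameters` and `userInstruction`. The example writes the same intent raw and redacted, shows that the raw record keeps the bearer token verbatim, and shows that scrubbing the token out of the file afterwards breaks chain verification at that record.

```python
# Added example (not governance-guard's code): an append-only, hash-chained
# JSONL log with pre-write redaction. Record layout, hashing rule and the
# secret patterns are assumptions; the sample intent below is constructed.
import hashlib
import json
import re
from typing import Iterable

GENESIS = "0" * 64
SECRET_KEYS = re.compile(r"(token|secret|password|api[_-]?key|authorization)", re.I)
SECRET_VALUE = re.compile(r"\b(sk|ghp|xoxb|AKIA)[A-Za-z0-9_-]{10,}\b")  # constructed heuristic


def redact(obj):
    """Recursively replace secret-looking keys and values before they reach the log."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if SECRET_KEYS.search(k) else redact(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    if isinstance(obj, str):
        return SECRET_VALUE.sub("[REDACTED]", obj)
    return obj


def _digest(prev_hash: str, entry: dict) -> str:
    # Canonical JSON so the same entry always hashes the same way.
    payload = json.dumps({"prev_hash": prev_hash, "entry": entry}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append(chain: list, entry: dict) -> dict:
    """Append a record whose hash covers the previous record's hash and this entry."""
    prev = chain[-1]["hash"] if chain else GENESIS
    rec = {"seq": len(chain), "prev_hash": prev, "entry": entry, "hash": _digest(prev, entry)}
    chain.append(rec)
    return rec


def verify(lines: Iterable[str]) -> tuple:
    """Return (ok, first_bad_seq); first_bad_seq is -1 when the chain is intact."""
    prev = GENESIS
    for seq, line in enumerate(lines):
        rec = json.loads(line)
        if rec["seq"] != seq or rec["prev_hash"] != prev or rec["hash"] != _digest(prev, rec["entry"]):
            return False, seq
        prev = rec["hash"]
    return True, -1


TOKEN = "sk-live-0123456789abcdef"  # constructed, not a real credential


def demo() -> dict:
    intent = {  # constructed intent with a secret in both fields the finding names
        "tool": "http_request",
        "parameters": {"url": "https://api.example.test", "headers": {"Authorization": "Bearer " + TOKEN}},
        "userInstruction": "use token " + TOKEN + " to fetch my data",
    }
    chain = []
    append(chain, intent)          # raw: the token is now persisted on disk
    append(chain, redact(intent))  # redacted before writing
    lines = [json.dumps(r, sort_keys=True) for r in chain]
    tampered = list(lines)
    tampered[0] = tampered[0].replace(TOKEN, "[REDACTED]")  # after-the-fact scrub
    return {
        "raw_leaks": TOKEN in lines[0],
        "redacted_leaks": TOKEN in lines[1],
        "intact": verify(lines),
        "tampered": verify(tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Editing a record after the fact invalidates its hash and every record that follows, so the only way to keep secrets out of a persistent chained log without destroying its integrity is to redact the intent before `append` runs.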
