governance-guard
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: governance-guard
Version: 0.1.0
This skill bundle, 'governance-guard', is designed to enhance the security of autonomous agent actions by implementing a three-phase PROPOSE-DECIDE-PROMOTE pipeline. It features a fail-closed design, a deterministic policy engine (explicitly not involving an LLM to prevent prompt injection), cryptographic hash binding for action intents and audit records, and robust validation. The `SKILL.md` instructions guide the agent to use this governance system, not to bypass it. Policy files (`policies/*.yaml`) explicitly block access to sensitive data like credentials and SSH keys. All dependencies are standard development tools. There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or obfuscation. The custom YAML parser and direct `JSON.parse` on CLI arguments are potential areas for subtle bugs, but the design prioritizes security (e.g., minimal YAML subset, input validation) and does not indicate malicious intent or critical, easily exploitable vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the standard policy may treat many local reads and workspace file changes as already approved without asking again.
The standard policy, which the documentation recommends, approves all home-directory reads and workspace writes unless a sensitive-data rule matches first. This is disclosed and fits the governance purpose, but it is broad if an agent relies on it as an approval gate.
- name: allow-read-local ... target_pattern: "~/**" ... verdict: approve ...
- name: allow-write-workspace ... target_pattern: "./**" ... verdict: approve
Review or customize the policy before relying on it, especially for sensitive work; use the strict preset if you want explicit approval for more action types.
Sensitive details included in governed actions may remain in a local audit log across sessions.
The audit log is intentionally persistent and can contain the triggering user message and tool parameters, which may include sensitive context depending on how the skill is used.
The intent JSON must include ... `parameters`: tool parameters ... `userInstruction`: the user message that triggered this action ... Governance data is stored in `~/.openclaw/governance/`: ... `witness.jsonl` — append-only, hash-chained audit log
Avoid putting secrets in action parameters or user instructions, protect the ~/.openclaw/governance/ directory, and periodically review log retention expectations.
