clawgate

v0.1.2

OpenClaw execution governance skill for approval gates, risk classification, confirmation policy, and action boundaries. Use it to reduce low-risk confirmati...

by 定大大 @dmiyding
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description claim an execution-governance policy for OpenClaw; the repository is a set of templates, rules, and example triggers that align with that goal. Nothing in the package requires unrelated credentials, binaries, or third-party installs.
Instruction Scope
SKILL.md and reference files give precise classification rules, confirmation templates, and examples. They explicitly reference reading OpenClaw config (e.g. ~/.openclaw/openclaw.json) and describing actions, which is appropriate for a governance skill. The instructions do not direct arbitrary exfiltration, unknown network calls, or editing unrelated system-wide configs; they also explicitly warn not to auto-edit AGENTS.md.
Install Mechanism
No install specification or code to download/execute is present — instruction-only. That minimizes filesystem/write risk and matches the stated packaging.
Credentials
The skill declares no required environment variables, no primary credentials, and no special config paths beyond OpenClaw-specific files it legitimately governs (e.g. ~/.openclaw/openclaw.json). There are no unrelated secret/token requests.
Persistence & Privilege
The skill is not always-injected (always: false). It is user-invocable and allows normal autonomous invocation, which is the platform default. This is reasonable, but operators should be conscious that granting autonomous invocation to a governance skill gives it runtime influence over decision flows — ensure activation is deliberate and reviewed.
Scan Findings in Context
[no_regex_matches] expected: The static regex scanner found no concerning code patterns. This is expected because this is an instruction-only skill composed of Markdown templates and examples rather than executable code.
Assessment
This package is a coherent governance template set for OpenClaw: it contains classification rules, exact confirmation templates for HIGH/CRITICAL actions, and examples. It does not install software or ask for secrets, and installing the repository does not automatically activate the policy. Before enabling it: (1) Review and manually apply the provided activation snippet in your actual Always-Injected entry point (do not rely on automatic edits), (2) be aware the skill expects access to OpenClaw config files (e.g. ~/.openclaw/openclaw.json) when evaluating requests — only grant that file access to agents you trust, (3) understand this skill guides decision/output shape but does not by itself enforce non-bypassable runtime controls — pair it with runtime/policy enforcement if you need guaranteed blocking, and (4) if you want to limit blast radius, avoid giving autonomous invocation to unreviewed agents or require human-in-the-loop for high/critical decisions.

Like a lobster shell, security has layers — review code before you run it.

latestvk979m5b375ew7b8m68ya1dx06n83wf73

