Agent Governance Auditor
v1.0.0
Expert AI auditor that evaluates agent specs for governance risks, scoring 6 dimensions and producing actionable gap findings and improvement recommendations.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Agent Governance Auditor) match the skill contents: SKILL.md, rubric, patterns, and templates are all focused on auditing agent specs. The skill requests no binaries, env vars, or config paths that would be unrelated to its stated purpose.
Instruction Scope
SKILL.md contains a concrete, bounded audit workflow (parse input spec, score six dimensions, list critical gaps, provide fixes). It does not instruct the agent to read arbitrary local files, access credentials, call external endpoints, or perform unrelated system actions. The only input required is the agent spec the user provides.
Install Mechanism
No install spec and no code files to download or execute — the skill is instruction-only, so nothing is written to disk or fetched during install.
Credentials
The skill declares no environment variables, no credentials, and no config paths. There is no disproportionate access requested for its auditing purpose.
Persistence & Privilege
Flags: always:false (not forced into every agent run). disable-model-invocation is false by default (normal). The skill does not ask to modify other skills or system-wide configs and does not request persistent privileges.
Scan Findings in Context
[no-regex-findings] expected: The static scanner found no regex hits. This is expected: the skill is instruction-only and contains no code files for the regex scanner to analyze.
Assessment
This skill appears internally consistent and low-risk because it's instruction-only and requests no credentials or installs. Before using it: (1) avoid pasting sensitive secrets or production credentials into the spec you submit to the auditor (the audit will analyze whatever you provide); (2) validate the auditor's recommendations on a few known sample specs to ensure scoring matches your expectations; (3) treat the output as advisory (human review required) — the skill can help find gaps but cannot enforce fixes; (4) if you plan to enable autonomous invocation for this skill in an agent, ensure that the agent overall has appropriate controls (limits on actions, logging, escalation) because autonomous invocation plus broad tool access elsewhere increases risk.
