Navil Policy

v1.0.2

Reduce MCP token costs by up to 94% and enforce least-privilege tool access. Creates YAML policies that control which MCP tools each agent can see and call....

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign, medium confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explains installing and using the 'navil' policy engine to filter MCP tool lists and reduce token cost. The only required binary is pip, which is needed to install the navil package the docs reference — this is proportionate to the described functionality.
Instruction Scope
Instructions stay on-topic: they tell the agent to install 'navil', generate or write policy YAML under ~/.navil, run policy checks, view logs, and enable navil-shield (a proxy shim). However, the auto-generate feature and the proxy operate on agent↔MCP traffic (observing calls/tool usage), which means the installed proxy will be on-path and able to inspect tool lists and usage. This is expected for the stated purpose but is a privacy/privilege consideration the user should accept explicitly.
Install Mechanism
There are no bundled binaries or remote downloads in the skill itself; the SKILL.md recommends using pip to install 'navil'. Using pip is reasonable and expected. Note: pip installs arbitrary Python packages (the SKILL.md even suggests a fallback that may alter system packages), so users should verify the package source/version before running installs.
Credentials
The skill declares no required environment variables or credentials and the instructions do not ask for unrelated secrets. The configuration is limited to policy files under the user's home (~/.navil).
Persistence & Privilege
always:false and agent autonomy settings are normal. The operational model requires deploying a proxy (navil-shield) that sits in the request path and caches/filters responses; that gives the installed software network-level visibility into MCP traffic. This is coherent with the goal but increases operational privilege and attack surface, so apply standard deployment precautions.
Assessment
This skill is internally consistent with its purpose — it tells you to install and run a policy proxy that filters MCP tool lists. Before installing: (1) review the navil GitHub repo and confirm package names/versions match what the SKILL.md references; (2) test navil and navil-shield in a non-production environment because the proxy will be on-path and can observe tool lists and usage; (3) inspect any auto-generated policy.yaml before accepting rules and keep manual rules in a backed-up file; (4) prefer installing in a sandbox/container or virtualenv rather than globally (the SKILL.md suggests pip which can modify system packages); and (5) verify community templates and the package checksum/signature if you need strong assurance. If you are uncomfortable with an on-path proxy inspecting agent traffic, do not deploy this in production without an architecture review.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

📋 Clawdis
Bins: pip
