Agent Guardrails

v1.0.0

Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (git hooks, secret detection, deployment verification, import registries) match the included artifacts: install.sh, pre-/post-create validators, check-secrets.sh, registry templates, deployment-check scaffolding, and a feedback-loop. There are no requested environment variables or unrelated binaries that would be surprising for this purpose.
Instruction Scope
SKILL.md instructs the user to copy and run the provided scripts and to install git hooks into projects. That is consistent with the purpose. The skill also documents a feedback loop (post-commit detection + semi-automatic commit) and includes helper scripts (e.g., PUBLISH_NOW.sh) that call external CLIs; these can modify repository state and produce tasks. Inspect the feedback-loop and publish scripts before enabling them.
Install Mechanism
This is instruction-only in the registry (no automatic installer). The code files are plain shell and Python scripts that get copied into a project when you run install.sh. There are no high-risk network downloads or obscure install hosts in the provided artifacts. The publish helper expects the Clawdhub CLI and a local path but is optional.
Credentials
The skill declares no required environment variables, which aligns with its local, repo-centric operation. However, many scripts operate with the user's git identity and may invoke the Clawdhub CLI (which requires login/credentials) if you run the publish helper. The feedback-loop and auto-commit scripts will act with whatever git credentials are available — review and understand that implicit credential use before running.
Persistence & Privilege
The skill does not set always:true and is user-invocable. It installs git hooks and copies scripts into projects, thereby changing repo-local state (.git/hooks, .pending-skill-updates.txt, etc.). That is expected for a guardrails tool but is a persistent modification to the repository and will run on lifecycle events (commits) until removed — review hooks and auto-commit behavior before enabling.
Assessment
This skill appears to do what it claims: install git hooks, secret scanners, deployment checks, and a feedback loop to surface enforcement improvements. Before installing:
1) Inspect scripts (install.sh, pre/post-create hooks, check-secrets.sh, install-skill-feedback-loop.sh, and any post-commit/auto-commit scripts) to understand what they modify and when they run.
2) Test installation in an isolated or disposable repository first (not in production) so you can safely observe hooks running on commits.
3) Pay attention to the feedback-loop: it creates task files and includes semi-automatic commit helpers — ensure those require explicit confirmation and will not push changes without your approval.
4) If you won’t use publishing helpers, avoid running PUBLISH_NOW.sh (it assumes a Clawdhub CLI and a hardcoded path).
5) Back up your repo or ensure you can revert hooks (.git/hooks) before enabling; consider manually installing hooks or adding an extra manual gate to auto-commit scripts.
6) If you have sensitive credentials, verify the scripts do not transmit them externally (they appear local, but any script that interacts with CLIs or remote services will run under your credentials).

Like a lobster shell, security has layers — review code before you run it.
