ClawHub

Enterprise Legal Guardrails Public

v1.0.13

Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).

0· 699·0 current·0 all-time
byLawyered@lawyered0

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lawyered0/enterprise-legal-guardrails-public.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Enterprise Legal Guardrails Public" (lawyered0/enterprise-legal-guardrails-public) from ClawHub.
Skill page: https://clawhub.ai/lawyered0/enterprise-legal-guardrails-public
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install enterprise-legal-guardrails-public

ClawHub CLI

Package manager switcher

npx clawhub@latest install enterprise-legal-guardrails-public
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with code and SKILL.md: deterministic text rules, profiles, thresholds, and a wrapper to gate execution of outbound commands. Nothing in the package requests unrelated credentials, binaries, or platform access.
Instruction Scope
Runtime instructions are focused on preflight checks for outbound text and providing a guard_and_run wrapper to execute allowed commands after checks. The wrapper will run subprocesses and can sanitize the environment and write audit logs; this is expected for a universal outbound adapter but is an area to review in deployment (see guidance).
Install Mechanism
No install spec (instruction-only packaging) and the code is dependency-free Python scripts. Nothing is downloaded from an external URL during install.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md and scripts reference multiple optional tuning env vars (scopes, thresholds, allowlist, audit-log, approval token) that are proportionate to a guardrail wrapper's configuration—no unrelated secret exfiltration variables are requested.
Persistence & Privilege
always:false and model invocation is allowed (platform default). The only elevated capability is the guard_and_run wrapper's ability to execute configured subprocesses; this is intentionally the skill's purpose and the code enforces allowlist checks, sanitize-env, and audit logging. Ensure these controls are configured before enabling autonomous invocation in production.
Assessment
This package appears to be what it says: a local, deterministic guardrail checker plus a wrapper that will run allowed outbound commands. Before installing or enabling it in production: 1) Verify the repository/source and review the Python files yourself (they run locally and spawn subprocesses). 2) Configure an explicit allowlist (ENTERPRISE_LEGAL_GUARDRAILS_ALLOWED_COMMANDS or --allowed-command); do not enable --allow-any-command in production. 3) Enable sanitize-env and configure keep-env/keep-prefix conservatively so sensitive credentials are not leaked to spawned commands. 4) Configure audit logging (ENTERPRISE_LEGAL_GUARDRAILS_AUDIT_LOG) and review logs regularly. 5) If you permit autonomous agent invocation of this skill, ensure the allowlist and strict mode are appropriate for your threat model. If you want to be extra cautious, run the checker-only (no guard_and_run) or require human review for REVIEW outcomes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717j2h0e1ms72gsah71j1bes81ezpt
699downloads
0stars
1versions
Updated 6h ago
v1.0.13
MIT-0
Lawyered@lawyered0
latest
Download

Enterprise Legal Guardrails

Use this skill to preflight bot output before posting, messaging, or publishing anything that could create legal/compliance risk.

What it is

A generic outbound guardrail checker used by workflows before execute actions such as post/comment/message/chat/send in any app.

When to use

  • Before create_post, create_comment, send_message, or equivalent publish actions.
  • Before market-related commentary, strategy claims, or price/certainty statements.
  • Before HR-sensitive or workplace-adjacent messaging.
  • Before anti-spam or coordination-heavy communications.
  • Before handling or exposing personal identifiers.

Workflow

  1. Draft text.
  2. Run the checker with the matching action/profile.
  3. If result is PASS/WATCH, proceed.
  4. If REVIEW, rewrite or route for human/legal review.
  5. If BLOCK, do not execute.

Use it as a shared OpenClaw outbound safety layer for any skill that publishes content. Babylon is only one current integration example, not the primary purpose of the skill.

Quick usage

python3 scripts/check_enterprise_guardrails.py \
  --action post \
  --app <app_name> \
  --policies social antispam hr \
  --text "Draft text here"

python3 scripts/check_enterprise_guardrails.py \
  --action comment \
  --scope include \
  --apps whatsapp,telegram \
  --text "Draft text here"

python3 scripts/check_enterprise_guardrails.py \
  --action market-analysis \
  --text "Market commentary..." \
  --json

App scope (global filtering)

Scope applies to any app-context passed with --app and these env vars (legacy names preserved for compatibility):

  • ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_SCOPE (all|include|exclude)
  • ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_APPS (comma-separated list)
  • BABYLON_GUARDRAILS_SCOPE
  • BABYLON_GUARDRAILS_OUTBOUND_SCOPE
  • BABYLON_GUARDRAILS_APPS

Examples:

  • all: check all outbound content.
  • include + whatsapp,email: only check those apps.
  • exclude + whatsapp,email,moltbook,babylon: everything except these apps.

If scope is omitted, default is all.

Profiles

  • social: public social text, comments, announcements.
  • antispam: unsolicited/pumping/coordinating messaging.
  • hr: workplace, hiring, performance, or employee conduct language.
  • privacy: personally identifying data and private information disclosures.
  • market: market/financial claims and outcome assertions.
  • legal: legal conclusions/implication language.

If no profile is provided, defaults are derived from --action:

  • post|comment|messagesocial,legal
  • trade|market-analysismarket,financial
  • genericlegal,social

Output

  • PASS: safe to execute
  • WATCH: low risk; optional rewrite
  • REVIEW: human/legal review recommended
  • BLOCK: do not execute

Tuning

You can tune decision sensitivity via environment variables (or CLI flags in direct runs):

  • ENTERPRISE_LEGAL_GUARDRAILS_REVIEW_THRESHOLD (default: 5)
  • ENTERPRISE_LEGAL_GUARDRAILS_BLOCK_THRESHOLD (default: 9)

CLI overrides:

  • --review-threshold
  • --block-threshold

Legacy aliases are supported in legacy env names: ELG_* and BABYLON_GUARDRAILS_*.

Universal outbound adapter (no-native integration path)

For skills/tools without native guardrail hooks (for example: Gmail, custom website publishing, custom message bots), run outbound operations through the wrapper:

python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app <app_name>   --action <post|comment|message|trade|market-analysis|generic>   --text "$DRAFT"   -- <outbound command...>

Examples:

# Gmail via gog
python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app gmail --action message   --text "Hello, ..."   -- gog gmail send --to user@domain.com --subject "Update" --body "Hello, ..."

# Website/publication publish flow
python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app website --action post   --text "$POST_COPY"   -- npm run publish-post "$POST_COPY"

Use this wrapper to apply the same policy checks in non-Babylon outbound flows.

Compatibility

Legacy name legal-risk-checker is preserved in OpenClaw workspaces that still reference it.

References

See references/guardrail-policy-map.md for the full policy rule set and suggested rewrites.

Packaging

A distributable bundle is available at:

  • dist/enterprise-legal-guardrails.skill

Hardening controls for guard_and_run.py

For non-native outbound integrations, treat guard_and_run as an execution boundary. Recommended flags/env:

Execution safety is allowlist-first by default. Wrapper requires explicit --allowed-command (or env alias) unless --allow-any-command is explicitly enabled.

  • --allow-any-command / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND
    • Explicitly bypass allowlist enforcement (unsafe; audit-first use only).
  • --suppress-allow-any-warning / ENTERPRISE_LEGAL_GUARDRAILS_SUPPRESS_ALLOW_ANY_WARNING
    • Suppresses the runtime safety warning when --allow-any-command is intentionally enabled.
  • --allow-any-command-reason / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_REASON
    • Mandatory rationale for any allow-any bypass invocation. Suggested format: SEC-1234: emergency fix.
  • --allow-any-command-approval-token / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_APPROVAL_TOKEN
    • Mandatory approval token for any allow-any bypass invocation; stored as a short token fingerprint in audit logs.
  • --allowed-command <exe...> / ENTERPRISE_LEGAL_GUARDRAILS_ALLOWED_COMMANDS
    • Allow-list executables (supports comma/space lists and wildcards).
  • --strict / ENTERPRISE_LEGAL_GUARDRAILS_STRICT
    • Escalate REVIEW to hard block.
  • --sanitize-env
  • --keep-env <VAR...> / --keep-env-prefix <PREFIX...>
  • --command-timeout, --checker-timeout, --max-text-bytes
  • --audit-log <file> / ENTERPRISE_LEGAL_GUARDRAILS_AUDIT_LOG

These flags provide execution safety, command scoping, and immutable trail for post-incident review without changing checker logic.

Comments

Loading comments...