autonomy-gate
v1.0.1AI 에이전트의 외부 행동 전에 권한 레벨을 확인하고 평가해 안전한 운영과 단계별 자율성 관리를 지원합니다.
⭐ 0· 363·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (autonomy gate) matches the actual instructions: checking a level, deciding allow/deny, probation rules, logs, and weekly review. The skill requires no external binaries or secrets and only manipulates local state files (references/state.json, references/action-log.jsonl, memory files), which is coherent for a gate/policy checker.
Instruction Scope
Instructions explicitly tell the agent to read/write local state and logs, consult a SOUL.md value file, request operator approval for forbidden actions, and send post-action reporting (heartbeat or DM). This is within purpose, but two items to note: (1) SOUL.md is referenced but not included in the package — the skill assumes another file exists; (2) the doc describes outbound actions (DM/email/heartbeat/alerts) and an emergency autonomous behavior after 6 hours of operator silence, which could lead to real external communications depending on available connectors. The SKILL.md does not itself include how credentials/connectors are provided, so there is ambiguity around who actually performs outbound sends.
Install Mechanism
Instruction-only skill with no install steps and no code files — this is low-risk and consistent with a policy/gating role. Nothing is downloaded or written beyond the declared local state/log files.
Credentials
No environment variables, credentials, or config paths are requested. The included references/state.json contains channel IDs and email addresses (expected for a gating policy). Because the skill doesn't ask for external credentials, it cannot itself perform privileged outbound actions — it only documents/controls them, which is proportionate.
Persistence & Privilege
always is false and the skill is user-invocable; it writes/updates its own state and logs in the repository (normal). One operational note: the emergency protocol allows the agent to perform certain actions if the operator is unresponsive for 6 hours — combined with the platform's default ability for autonomous invocation and any existing connectors, that could permit outbound activity. This is a behavior property to be aware of, not an intrinsic install-time privilege.
Assessment
This skill appears to be a coherent local 'autonomy gate' that reads/writes its own state and logs and enforces rules before external actions. Before installing: (1) ensure you control or inspect SOUL.md and any files the skill will read (they influence decisions); (2) confirm where and how outbound messages (Discord/email/heartbeat) are actually sent — ensure connectors/tokens are stored separately and require explicit operator consent; (3) review and restrict any automatic emergency behaviors (6-hour rule) if you do not want autonomous outbound actions; (4) monitor the skill's references/action-log.jsonl and memory files for unexpected entries. If you need stronger guarantees, ask the author to make the approval channel explicit and to require operator confirmation for any external-send operation.Like a lobster shell, security has layers — review code before you run it.
latestvk97cgd9m1rg6ey765ct944885183khym
License
MIT-0
Free to use, modify, and redistribute. No attribution required.