Value Aware Guard
v0.7.0价值守护系统:监控价值漂移,检查边界违规,执行渐进式干预,支持独立CLI和proactive-engine协作。触发条件:价值偏离检测、边界违规、能量低警报、用户模式发现。
⭐ 0· 62·0 current·0 all-time
byLouis Z.@zhaoguoqiang-hub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (value monitoring, boundary checks, interventions) aligns with the included scripts and reference docs. The code implements drift assessment, boundary checks, intervention levels, and a file-based signal system, which are coherent with the stated purpose. The only resource access beyond ephemeral runtime is file I/O under ~/.openclaw/workspace/.soul — consistent with a local guard/agent integration.
Instruction Scope
SKILL.md instructs running node scripts and using --process-signal to integrate with a proactive engine. The runtime code persists state (config, state, user-values, interventions, signals) and reads/writes files in the user's HOME workspace. SKILL.md does not explicitly surface that it will create persistent files and by default can perform automatic interventions (config option exists). Behavior stays within the domain of the skill but the persistence/automatic-intervention behavior should be noted by users.
Install Mechanism
No install spec provided; this is instruction+code packaged with a package.json listing common npm deps (date-fns, commander, chalk). No remote downloads, URL shorteners, or extract-from-URL installs are present. Typical npm install is expected; no high-risk install mechanism detected.
Credentials
The skill requests no credentials or special environment variables. It uses process.env.HOME to determine a workspace directory and creates/reads files there. No evidence of accessing unrelated secrets or external service tokens. File access is local and proportional to the skill's purpose of storing user values, state, and signals.
Persistence & Privilege
The skill persists configuration, state, user-values, interventions, and a signals queue under ~/.openclaw/workspace/.soul and defaults in code/config to enableAutomaticInterventions=true and publish* signals. always:false (no forced inclusion). Because the agent can invoke the skill autonomously (platform default) and the skill can perform automatic interventions and write persistent records, users should be aware of the local persistent footprint and default automatic behavior before enabling it broadly.
Assessment
This skill appears to do what it says, but it creates persistent files and can act automatically. Before installing or enabling it for an agent: 1) Review the source (provided) and confirm you’re comfortable with files being created under ~/.openclaw/workspace/.soul (config, state, user-values, interventions, signals). 2) Consider running it in a sandbox/container or with a test user account first. 3) Run npm install and npm test locally to verify behavior. 4) Inspect and, if desired, set enableAutomaticInterventions = false in the saved config (guard-config.json) before allowing autonomous runs so interventions require explicit user action. 5) Search the code for network calls before deployment (none were found in the provided files), and if you integrate with other systems, audit those connectors. 6) Backup any existing .openclaw workspace before first run. If you want a stricter posture, disable automatic interventions and signal publishing until you’ve validated behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97ctcjz8z13weqa3q144x36y5842bgz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.