Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.0
Stats: ⭐ 0 · 15 · 0 current installs · 0 all-time installs
Package: aakash2289/governclaw-middleware
Security scan (ClawHub)
- VirusTotal: suspicious
- OpenClaw: benign
OpenClaw assessment
The skill appears to do what it says — it forwards HTTP request metadata to a GovernClaw policy service and only executes requests if the service returns allow — but it will forward full request bodies and headers (including any secrets) to the configured GOVERNCLAW_URL, so the governance endpoint must be trusted.
Purpose
The code and SKILL.md implement a governed HTTP wrapper (governedHttp) that asks a GovernClaw endpoint for allow/block decisions before executing HTTP requests via the runtime's http tool. There are no unrelated binaries, credentials, or install steps requested. The implementation matches the stated purpose.
Instruction scope
The instructions and code forward request metadata (url, method, headers, body) plus runtime context fields (session/agent/source/channel/node ids) to the GovernClaw endpoint. This is consistent with a governance proxy, but it means sensitive headers and bodies (Authorization tokens, API keys, private data) will be transmitted to the GovernClaw service. SKILL.md does not specify any redaction or sanitization policy.
Install mechanism
No install spec is present (instruction-only skill with a single index.ts file). No downloads or archive extraction occur. This is low risk from an installation perspective.
Credentials
The registry metadata lists no required env vars, but both SKILL.md and the code reference GOVERNCLAW_URL (default http://127.0.0.1:8000). This is reasonable and proportional for a governance proxy, but the skill will send full request payloads and context fields to that endpoint, so the environment-configured URL must be trusted. The mismatch between registry metadata (no required env) and SKILL.md (mentions GOVERNCLAW_URL) is a minor inconsi…
Persistence
always is false and the skill does not request persistent system-level privileges or modify other skills' configs. It does not write files or install background services. Autonomous invocation is allowed (platform default) but not an additional privilege granted by this skill.
index.ts:11
Environment variable access combined with network send.
Overall conclusion
This skill is coherent for enforcing policies, but you must trust the GovernClaw endpoint you configure. Before installing or enabling it: 1) Ensure GOVERNCLAW_URL points to a trusted, secure policy server (default is localhost for local testing). 2) Confirm the policy server's privacy/security practices — the skill will forward full request bodies and headers (including Authorization tokens and any sensitive data) along with session/agent ide…
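Installation (copy to Lobster AI)
Copy the entire passage below into a Lobster Chinese Library conversation, and Lobster will complete the installation according to SKILL.md.
Please hand this passage to the Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "GovernClaw Policy Enforcer" on this machine. Summary: Governance middleware for OpenClaw agents. Wraps HTTP, shell, file, and browser….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aakash2289/governclaw-middleware/SKILL.md
(Source: yingzhi8.cn skill library)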
SKILL.md
---
name: governclaw-middleware
description: Governance middleware for OpenClaw agents. Wraps HTTP, shell, file, and browser actions with policy checks via GovernClaw before execution. Required tools - http. Environment variables - GOVERNCLAW_URL (default http://127.0.0.1:8000).
---
# GovernClaw Middleware
This skill provides **governed wrappers** for sensitive operations. It acts as a policy enforcement layer between agents and external systems.
## When to Use This Skill
**You MUST use governed tools from this skill instead of raw tools when:**
- Calling external HTTP APIs (`governedHttp` instead of `http`)
- Running shell commands (`governedShell` - future)
- Reading/writing files (`governedFile` - future)
- Controlling a browser (`governedBrowser` - future)
## How It Works
1. You call a governed tool (e.g., `governedHttp`)
2. The skill sends your request metadata to GovernClaw for policy evaluation
3. GovernClaw returns `allow` or `block` with a reason
4. If allowed: the underlying operation executes and returns results
5. If blocked: the operation is cancelled and you receive a block reason
## Available Tools
### governedHttp
Makes HTTP requests through the GovernClaw policy engine.
**Parameters:**
- `method` (string): HTTP method - "GET", "POST", "PUT", "DELETE"
- `url` (string): Target URL
- `body` (object, optional): Request body for POST/PUT
- `headers` (object, optional): Custom headers
**Returns:**
- On success: The HTTP response from the target
- On block: `{ ok: false, blocked: true, reason: "..." }`
**Example:**
```typescript
const result = await context.tools.governclawMiddleware.governedHttp({
  method: "GET",
  url: "https://api.example.com/data"
});
if (result.blocked) {
  // Handle policy block
  console.log("Blocked:", result.reason);
}
```
## Configuration
Set the GovernClaw service URL in your environment:
```bash
export GOVERNCLAW_URL="http://127.0.0.1:8000"
```
Or in `openclaw.json`:
```json
{
  "skills": {
    "governclaw-middleware": {
      "env": {
        "GOVERNCLAW_URL": "http://127.0.0.1:8000"
      }
    }
  }
}
```
## Governance Context
The skill automatically forwards these context fields to GovernClaw:
- `parent_id`: The session ID (who owns the request)
- `child_id`: The agent ID (who is making the request)
- `source`: Where the request originated (agent, control, cron, etc.)
- `channel`: The channel ID (if applicable)
- `node_id`: The node ID (if applicable)
- `skill`: Always "governclaw-middleware"
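These context fields travel alongside the full request, and SKILL.md defines no redaction. The following added example (not the skill's own code) masks credential headers, secret-looking body keys and URL-embedded secrets before metadata is sent for evaluation; the payload layout, the key-name pattern and all function names are assumptions.

```typescript
// Added example (not from the skill's index.ts): redact secrets before policy evaluation.
type Dict = Record<string, unknown>;
interface GovernedRequest { method: string; url: string; headers?: Record<string, string>; body?: unknown }

const REDACTED = "[REDACTED]";
// Credential-bearing header names, compared in lower case.
const SENSITIVE_HEADERS = ["authorization", "proxy-authorization", "cookie", "x-api-key"];
// Key names treated as secrets in bodies and query strings (assumed list; over-matching is safe).
const SENSITIVE_KEY = /pass(word)?|secret|token|api[_-]?key|credential/i;

function redactHeaders(headers: Record<string, string> = {}): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of Object.keys(headers)) {
    const hit = SENSITIVE_HEADERS.indexOf(name.toLowerCase()) !== -1 || SENSITIVE_KEY.test(name);
    out[name] = hit ? REDACTED : headers[name];
  }
  return out;
}

function redactBody(value: unknown, depth = 0): unknown {
  if (depth > 8) return REDACTED; // fail closed on very deep nesting
  if (Array.isArray(value)) return value.map((v) => redactBody(v, depth + 1));
  if (value === null || typeof value !== "object") return value;
  const src = value as Dict;
  const out: Dict = {};
  for (const k of Object.keys(src)) {
    out[k] = SENSITIVE_KEY.test(k) ? REDACTED : redactBody(src[k], depth + 1);
  }
  return out;
}

function redactUrl(url: string): string {
  // Drop "user:pass@" userinfo, then mask secret-looking query parameters.
  const noUser = url.replace(/^([a-z][a-z0-9+.-]*:\/\/)[^\/?#@]*@/i, "$1");
  const q = noUser.indexOf("?");
  if (q === -1) return noUser;
  const pairs = noUser.slice(q + 1).split("&").map((pair) => {
    const key = pair.split("=")[0];
    return SENSITIVE_KEY.test(key) ? key + "=" + REDACTED : pair;
  });
  return noUser.slice(0, q + 1) + pairs.join("&");
}

// Hypothetical payload layout: only the context field names come from SKILL.md.
function buildPolicyPayload(req: GovernedRequest, ctx: Dict): Dict {
  const meta = { method: req.method, url: redactUrl(req.url),
    headers: redactHeaders(req.headers), body: redactBody(req.body) };
  return { ...ctx, skill: "governclaw-middleware", ...meta };
}
```

Only the copy sent for policy evaluation is redacted; the request that runs after an `allow` keeps its original headers and body.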
## Error Handling
Always check for `blocked` in responses:
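```typescript
// Wrapped in a function so the `return` statements are valid;
// the wrapper name and the request values are illustrative.
async function callGoverned(context: any) {
  const response = await context.tools.governclawMiddleware.governedHttp({
    method: "GET",
    url: "https://api.example.com/data"
  });
  if (!response.ok && response.blocked) {
    // Policy violation - do not retry
    return { error: response.reason };
  }
  if (!response.ok) {
    // Network or other error - may retry
    return { error: "Request failed" };
  }
  // Success
  return response.data;
}
```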
## Policy Modes
GovernClaw supports three governance modes:
- **playground**: Log-only, actions always allowed
- **governed**: Default mode, enforce policies
- **strict**: Block on any uncertainty
The skill defaults to `governed` mode. Future versions may allow per-request mode overrides.