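📦 War/Den Governance — Policy Governance Audit
v1.0.0 Evaluates and governs every OpenClaw bot action in advance using YAML policies, with a tamper-proof audit log and allow, deny, or mandatory-review decisions, ensuring safe and compliant execution.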
Last updated
2026/2/28
Security scan
OpenClaw
Safe
medium confidence
Assessment recommendations
This skill appears to do what it says: enforce YAML policies locally and optionally call enterprise services when you provide API keys. Before installing:
- Review policies: inspect the built-in policies/policy_packs and any WARDEN_POLICY_FILE you plan to use so you understand what will be blocked/allowed/reviewed.
- Audit log & memory storage: the code writes a local audit DB (~/.warden/audit.db by default) and a local memory DB (configurable). Confirm these locations and file permissions are ...
✓ Purpose and capabilities
The skill implements a policy engine, audit log, local memory, and optional clients for Sentinel_OS and EngramPort. Optional API keys and the network calls in the enterprise client match the documented 'Enterprise' upgrade path. The presence of many code files is consistent with a full governance implementation. Minor inconsistency: README/docs often state local SQLite under OpenClaw paths, but LocalAuditLog defaults to ~/.warden/audit.db (creates ~/.warden/) whereas other docs reference ~/.openclaw/memory/ — this is an implementation detail you should verify.
✓ Instruction scope
SKILL.md limits actions to registering hooks (before_action/after_action/on_error), loading YAML policies, and optionally calling external services only when API keys are set. The runtime instructions do not ask the agent to read unrelated user files or secrets. Note: the governance engine will include action.data in audit and in requests to enterprise endpoints, which can contain sensitive content (e.g., full email metadata/content) depending on what OpenClaw passes to the hook.
✓ Install mechanism
No hazardous install URL patterns are present. The project includes a standard pyproject.toml and suggests installation via ClawHub or pip (package metadata and entry point included). There is no download-from-arbitrary-URL installer in the provided manifest.
ℹ Credential requirements
Only optional credentials are declared (SENTINEL_API_KEY, ENGRAMPORT_API_KEY). Those map directly to described enterprise features. Important: when those keys are set the skill will transmit action payloads and memory content to external services (headers show X-API-Key or Bearer). This is proportionate to the enterprise use case but is high sensitivity — only set keys for services you trust.
ℹ Persistence and privileges
The skill persists state (local SQLite memory and audit DB) and registers hooks that run on agent actions; autonomous invocation is allowed (platform default). This is expected for a governance skill, but note it will intercept every action and write audit events to disk (default audit DB path: ~/.warden/audit.db) and memory to configured DBs. There is no 'always: true' privilege escalation in the registry metadata.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/2/28
● Benign
Install command
Official: npx clawhub@latest install an2b-warden-governance
Mirror: npx clawhub@latest install an2b-warden-governance --registry https://cn.longxiaskill.com