🛡️ Openclaw Skill — 治理引擎

v2.2.0

SENTINEL/CORD治理引擎，在agent调用exec/write/browser/network/message等工具前强制执行预检策略，确保操作合规安全。

0· 525·0 当前·0 累计

by @zanderone1980 (zander)

安全智能体工作流

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

medium confidence

NULL

评估建议

This skill is coherent with its stated purpose, but it delegates decision-making to an external Python package (cord_engine) that is not bundled here. Before installing/using: (1) verify the origin and integrity of the cord_engine implementation (pip package source or local repo) — do not point CORD_ENGINE_PATH to untrusted locations; (2) avoid including secrets, credentials, or sensitive tokens in the Proposal fields (command text, raw_input) because proposals may be logged in the audit; (3) re...

详细分析 ▾

✓ 用途与能力

The name/description (CORD/SENTINEL governance pre‑flight) aligns with the included SKILL.md and small helper script: requiring python3 and calling into a cord_engine API is expected for this purpose. No unrelated binaries, credentials, or config paths are requested.

ℹ 指令范围

Instructions consistently require sending proposed actions (full command text, grants, network targets, or raw external input) to cord_engine for evaluation. This is coherent for a governance layer, but it means potentially sensitive data (commands, file paths, passphrases) could be included in proposals and logged. The SKILL.md does not instruct the agent to read unrelated system files, but it does encourage passing full command text and raw_input for scanning.

✓ 安装机制

Instruction-only skill with no install spec and a tiny included status script. No downloads or archive extraction. Low install risk.

ℹ 凭证需求

The skill requests no credentials and no required env vars. It optionally uses CORD_ENGINE_PATH to locate the cord_engine implementation — that env var should point to trusted code. Because proposals include full command text and raw inputs, users should avoid placing secrets in those fields to prevent logging/exfiltration.

✓ 持久化与权限

The skill is not force‑included (always:false), and model invocation is allowed (default). It does not modify other skills or system settings. It only advises using a third‑party cord_engine module which lives in the user's environment.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv2.2.02026/2/23

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install cord-sentinel

镜像加速npx clawhub@latest install cord-sentinel --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库