governance-guard
Structural authority separation for autonomous agent actions. Three-phase governance pipeline: PROPOSE, DECIDE, PROMOTE. No action is both proposed and approved by the same computational pathway.
Why use this skill?
Enforce structural authority separation in OpenClaw with the governance-guard skill. Implement PROPOSE-DECIDE-PROMOTE pipelines for maximum agent safety.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/devongenerally-png/governance-guard
What This Skill Does
governance-guard is the foundational security layer for the OpenClaw AI framework, designed to enforce structural authority separation on all autonomous agent actions. It operates on a strict three-phase pipeline: PROPOSE, DECIDE, and PROMOTE. By decoupling the generation of an action from its execution, this skill ensures that no computational pathway can unilaterally approve its own high-stakes requests. This architectural constraint prevents "hallucinated" or unintended destructive behaviors, and a hash-chained witness log provides a tamper-evident audit trail.
Installation
To integrate this safety layer into your environment, run the following command via the OpenClaw CLI:
clawhub install openclaw/skills/skills/devongenerally-png/governance-guard
Ensure that your environment has sufficient permissions to access the configuration directory located at ~/.openclaw/governance/, as the agent requires read/write access to maintain the witness.jsonl audit log and local policy files.
Use Cases
Governance-guard is essential for any environment where the AI agent has permissions to perform sensitive operations. Use it for:
- Automated Infrastructure Management: Enforcing that a server deletion or network configuration change is always audited.
- Sensitive Data Operations: Controlling access to financial or personal records by requiring escalation for data-sensitive actions.
- Development Pipelines: Protecting production branches by ensuring that every push or deployment code-execution is validated against a known policy file.
Example Prompts
- "Perform a system cleanup by deleting all files in the /temp directory. Use the standard governance policy for this operation."
- "Update our production environment API keys using the provided configuration, ensuring that the governance-guard approves the network-access requirement."
- "Run the following SQL migration script on the database, but escalate if any foreign key constraints are modified."
Tips & Limitations
- Fail-Closed Guarantee: If the governance evaluation process encounters an error, it defaults to DENY. Do not attempt to bypass this by removing policy files, as the agent will automatically lock all executable actions.
- Audit Regularly: Utilize npx tsx scripts/governance.ts verify frequently to ensure the integrity of the witness chain.
- Policy Selection: For production environments, always use the strict preset. Use minimal only in sandboxed, non-production environments to avoid deployment friction.
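The fail-closed DECIDE step and the hash-chained witness log described above, as an added example that is not governance-guard's own code. The record fields, the GENESIS value, the verdict names APPROVE and ESCALATE, and the sample policy are assumptions; the real witness.jsonl layout may differ.

```typescript
// Added example: field names and GENESIS are assumptions, not the skill's real witness.jsonl format.
import { createHash } from "node:crypto";

type Verdict = "APPROVE" | "DENY" | "ESCALATE";
interface Proposal { action: string; flags: string[] }
interface Witness { seq: number; proposal: Proposal; verdict: Verdict; prev: string; hash: string }
const GENESIS = "0".repeat(64);

// The hash covers the previous record's hash, so editing any record breaks every later link.
function link(seq: number, proposal: Proposal, verdict: Verdict, prev: string): string {
  return createHash("sha256").update(JSON.stringify([seq, proposal, verdict, prev])).digest("hex");
}

// DECIDE evaluates the proposal against a policy; any evaluation error becomes DENY (fail closed).
function decide(p: Proposal, policy: (p: Proposal) => Verdict): Verdict {
  try { return policy(p); } catch { return "DENY"; }
}

// Append one JSONL line recording the proposal and its verdict.
function witness(log: string[], proposal: Proposal, verdict: Verdict): void {
  const seq = log.length;
  const prev = seq === 0 ? GENESIS : (JSON.parse(log[seq - 1] as string) as Witness).hash;
  log.push(JSON.stringify({ seq, proposal, verdict, prev, hash: link(seq, proposal, verdict, prev) }));
}

// Returns the index of the first bad record, or -1 if the chain is intact.
function verifyChain(log: string[]): number {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    try {
      const r = JSON.parse(log[i] as string) as Witness;
      if (r.seq !== i || r.prev !== prev || r.hash !== link(r.seq, r.proposal, r.verdict, r.prev)) return i;
      prev = r.hash;
    } catch { return i; } // an unparseable line counts as a broken chain
  }
  return -1;
}

// Constructed sample policy and proposals.
const strictPolicy = (p: Proposal): Verdict => {
  if (p.flags.includes("unknown")) throw new Error("unrecognized flag");
  return p.flags.includes("code-execution") ? "ESCALATE" : "APPROVE";
};
function demo(): string[] {
  const log: string[] = [];
  for (const p of [{ action: "read config", flags: ["file-read"] }, { action: "run migration", flags: ["code-execution"] }, { action: "??", flags: ["unknown"] }])
    witness(log, p, decide(p, strictPolicy));
  return log;
}
```

Changing a stored verdict, or dropping the first record, makes verifyChain return the index of the first record that no longer matches.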
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-devongenerally-png-governance-guard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: network-access, file-write, file-read, code-execution