Official Verified developer tools Safety 5/5

policy-engine

Deterministic governance layer for OpenClaw tool execution. Enforces tool allowlists, deny patterns, path allowlists, risk tiers, dry-run mode, and escalation tracking via the before_tool_call hook. Every decision is logged for audit. Production-hardened with 88 tests and three deadlock classes fixed.

Why use this skill?

Secure your OpenClaw agents with the Policy Engine. Enforce tool allowlists, path restrictions, and risk tiers to prevent unauthorized actions.


What This Skill Does

The Policy Engine for OpenClaw is a production-hardened governance layer designed to bring deterministic control to autonomous agent operations. It functions as a middleware hook that intercepts all tool invocations before they execute. By enforcing granular control through tool allowlists, path restrictions, and risk-based escalation policies, it transforms unpredictable LLM behavior into a structured, audit-ready workflow. It is built to prevent common security risks such as prompt-injected path traversals, unintended shell execution, and unauthorized file system modifications, all while maintaining high performance and system stability.

Installation

To install, run the following command in your terminal:

clawhub install openclaw/skills/skills/joetomasone/policy-engine

After installation, activate it by updating your openclaw.json configuration file:

{
  "plugins": { "policy-engine": { "enabled": true } }
}

Use Cases

  • Sandboxed Agent Environments: Define restrictive tool profiles for sub-agents (e.g., a research agent restricted to read-only browser tools).
  • Regulatory Compliance: Audit every agent decision automatically to meet logging requirements for sensitive enterprise environments.
  • Risk Mitigation: Use T1 and T2 risk tiers to gate sensitive system-level commands, preventing agents from executing risky shell commands without prior escalation or oversight.
  • Path Guardrails: Protect critical directories (e.g., /etc, .ssh) from unauthorized write access by enforcing strictly defined workspace path allowlists.

Example Prompts

  1. "Agent, please scan the current directory for todo.md files and summarize the remaining tasks, ensuring you only use read-only tools."
  2. "Update the project configuration file in the safe workspace path with the new API endpoint."
  3. "Attempt a system diagnostics check; if the policy engine blocks this due to risk tiering, inform me with the specific reason for denial."

Tips & Limitations

  • Dry-Run Mode: Utilize "dryRun": true during initial setup to observe how the engine handles your current agent workflows without interrupting actual operations.
  • Fail-Open Design: The engine is designed to fail open. This preserves system availability, but a failure inside the engine can let a call through unblocked, so audit logs remain the primary source for identifying missed blocks.
  • Canonicalization: Always use absolute paths for your pathAllowlists to avoid ambiguity in resolution.
  • Break-Glass: Remember that the OPENCLAW_POLICY_BYPASS environment variable is strictly for emergencies; avoid its use in automated production pipelines to maintain audit integrity.
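
The path allowlist, dry-run and fail-open behaviour described in the tips above can be illustrated as follows. This is an added example, not the policy engine's own code: the policy layout, the write_file tool name, the /srv/agent/work workspace and the function names are assumptions made for illustration.

```python
import posixpath

# Constructed policy; only "dryRun" and the path-allowlist idea come from the page.
POLICY = {"dryRun": False, "pathAllowlist": ["/srv/agent/work"]}
AUDIT_LOG = []  # every decision is appended here


def canonical(path, cwd):
    """Resolve a requested path lexically against cwd (collapses '.' and '..')."""
    if not isinstance(path, str) or "\x00" in path:
        raise ValueError("unusable path argument")
    # A production check would also resolve symlinks (os.path.realpath).
    return posixpath.normpath(posixpath.join(cwd, path))


def within(path, root):
    """True if path is root itself or below it; compares whole components."""
    root = posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def decide(tool, path, cwd, policy=POLICY):
    """Return 'allow', 'deny' or 'would-deny' and record the decision."""
    try:
        resolved = canonical(path, cwd)
        allowed = any(within(resolved, r) for r in policy["pathAllowlist"])
        if allowed:
            action, reason = "allow", "inside allowlist"
        elif policy["dryRun"]:
            action, reason = "would-deny", "outside allowlist (dry run)"
        else:
            action, reason = "deny", "outside allowlist"
    except Exception as exc:
        # Fail-open: an evaluation error lets the call through, so the
        # audit entry is the only trace of the missed check.
        resolved, action, reason = None, "allow", f"fail-open: {exc}"
    AUDIT_LOG.append({"tool": tool, "requested": path, "resolved": resolved,
                      "action": action, "reason": reason})
    return action
```

Comparing whole path components after normalization is what keeps a sibling directory such as /srv/agent/work-old from matching the /srv/agent/work entry.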

Metadata

Stars: 1947
Views: 0
Updated: 2026-03-04

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-joetomasone-policy-engine": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #governance #policy #tools #audit
Safety Score: 5/5

Flags: file-write, file-read, code-execution