agent-passport
OAuth for the agentic era — consent-gating for ALL sensitive agent actions including purchases, emails, file operations, system commands, and API calls. Provides spending caps, rate limits, allowlists, TTL expiry, audit trails, KYA (Know Your Agent) metadata, SSRF Shield, Path Traversal Guard, Webhook Origin Verification, Skill Scanner, and Injection Shield.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/markneville/agent-passportAgent Passport (OpenClaw)
30-Second Setup
# Initialize and register your agent
./mandate-ledger.sh init agent:my-assistant "Your Name" "personal assistant" "openclaw"
# Grant dev tool access (git, npm, docker, etc.)
./mandate-ledger.sh create-from-template dev-tools
# That's it! The agent will now check permissions before sensitive actions.
Templates available:
dev-tools·email-team <domain>·file-ops <path>·web-research·safe-browsing·coding·email-assistant·read-only·full-autoRun./mandate-ledger.sh templatesto see all options.
⚡ Agent Behavioral Contract
If you are an agent reading this skill, these are your rules. Follow them.
When to Check
Before performing ANY of these actions, you MUST call check-action first:
| Action | Category | Example target |
|---|---|---|
| Running a shell command | system | "git pull", "npm install" |
| Sending a message/email | communication | "[email protected]" |
| Writing/deleting a file | data | "/path/to/file.txt" |
| Making an API call with side effects | external_api | "api.github.com" |
| Spending money | financial | "merchant_amazon" with amount |
| Acting publicly as the user | identity | "twitter_post" |
You do NOT need to check: reading files, web searches, internal reasoning, or anything with no side effects.
How to Check
SCRIPT_DIR="$HOME/.openclaw/skills/agent-passport/scripts"
result=$($SCRIPT_DIR/mandate-ledger.sh check-action "<your_agent_id>" "<category>" "<target>" [amount])
Parse the result:
authorized: true→ proceed, then log the action afterwardauthorized: false→ STOP. Ask the user.- If response includes
kill_switch: trueor reasonKill switch engaged→ STOP immediately and ask user to runmandate-ledger.sh unlock
The Flow
1. You want to do something sensitive
2. Call check-action
3. IF authorized:
a. Do the thing
b. Log it: mandate-ledger.sh log-action <mandate_id> <amount> "<description>"
4. IF denied:
a. Tell the user what you want to do and why
b. Suggest a mandate (show scope, duration, constraints)
c. Wait for approval
d. If approved, create the mandate, then proceed
How to Ask for Permission
When denied, present it clearly and concisely:
I need to [ACTION] but don't have a mandate for it.
📋 [CATEGORY]: [what you want to do]
🎯 Target: [specific target]
⏰ Suggested duration: [reasonable TTL]
Want me to set this up? I can also create a broader mandate if you'd
prefer (e.g., all emails to @company.com for 30 days).
DO NOT:
- Bypass the check and do it anyway
- Ask repeatedly for the same thing if denied
- Create mandates yourself without user approval
- Pretend you checked when you didn't
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-markneville-agent-passport": {
"enabled": true,
"auto_update": true
}
}
}