{ "schemaVersion": "1.0", "item": { "slug": "agent-access-control", "name": "Agent Access Control", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/bowen31337/agent-access-control", "canonicalUrl": "https://clawhub.ai/bowen31337/agent-access-control", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agent-access-control", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-access-control", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/example-config.md", "scripts/init-access-control.sh", "skill.toml" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agent-access-control" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agent-access-control", "agentPageUrl": "https://openagent3.xyz/skills/agent-access-control/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-access-control/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-access-control/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Agent Access Control", "body": "Protect your agent from unauthorized access with tiered permissions and an owner-approval pairing flow." }, { "title": "Setup", "body": "Create memory/access-control.json in workspace:\n\n{\n \"ownerIds\": [],\n \"approvedContacts\": {},\n \"pendingApprovals\": {},\n \"blockedIds\": [],\n \"strangerMessage\": \"Hi there! πŸ‘‹ I'm {{AGENT_NAME}}, an AI assistant. I'm currently set up to help my owner with personal tasks, so I'm not able to chat freely just yet. I've let them know you reached out β€” if they'd like to connect us, they'll set that up. Have a great day! 😊\",\n \"notifyChannel\": \"\",\n \"notifyTarget\": \"\"\n}\n\nFill in:\n\nownerIds: Owner phone numbers, Telegram IDs, Discord IDs (strings)\nstrangerMessage: Customize {{AGENT_NAME}} with agent's name\nnotifyChannel: Channel to alert owner (telegram, whatsapp, discord, signal)\nnotifyTarget: Owner's ID on that channel" }, { "title": "Access Tiers", "body": "TierLevelCapabilities0StrangerDiplomatic deflection only, zero access1Chat-onlyBasic conversation, no tools or private info2TrustedChat + public info (weather, time, general questions)3OwnerFull access to all tools, files, memory, actions" }, { "title": "Message Handling Flow", "body": "On every incoming message from a messaging platform:\n\nExtract sender ID (phone number, user ID, etc.)\nNormalize ID: strip spaces, ensure country code prefix for phones\nCheck ownerIds β†’ if match: full access, respond normally\nCheck blockedIds β†’ if match: silent ignore, respond with NO_REPLY\nCheck approvedContacts[senderId] β†’ if match: respond within their tier\nOtherwise β†’ stranger flow:" }, { "title": "Stranger Flow", "body": "a. Send strangerMessage to the sender\nb. Notify owner:\n \"πŸ”” Stranger contact from {senderId} on {platform}:\n '{first 100 chars of message}'\n Reply: approve (trusted) / chat (chat-only) / block\"\nc. Store in pendingApprovals:\n {\n \"senderId\": { \n \"platform\": \"whatsapp\",\n \"firstMessage\": \"...\", \n \"timestamp\": \"ISO-8601\",\n \"notified\": true\n }\n }\nd. Respond with NO_REPLY after sending deflection" }, { "title": "Owner Approval", "body": "When owner replies to an approval notification:\n\nOwner saysActionapprove, yes, trustedAdd to approvedContacts with tier 2 (trusted)chat, chat-only, chat onlyAdd to approvedContacts with tier 1 (chat-only)block, no, denyAdd to blockedIdsignoreRemove from pendingApprovals, no action\n\nAfter approval, update memory/access-control.json and notify the contact:\n\nTrusted: \"Great news! I've been given the go-ahead to chat with you. How can I help? 😊\"\nChat-only: \"Great news! I can chat with you now, though I'm limited to basic conversation. What's on your mind?\"" }, { "title": "Tier Enforcement", "body": "When responding to a non-owner contact, enforce tier restrictions:\n\nTier 1 (chat-only):\n\nRespond conversationally only\nDo NOT use any tools (read, write, exec, web_search, etc.)\nDo NOT share any info from memory files\nDo NOT mention the owner by name\nIf asked to do something beyond chat: \"I'm only set up for basic chat at the moment. For anything more, you'd need to check with my owner.\"\n\nTier 2 (trusted):\n\nConversational responses\nMay use: web_search, weather skill, time/date queries\nDo NOT use: read, write, exec, message (to other contacts), memory files\nDo NOT share private info (calendar, emails, files, other contacts)\nIf asked for private info: \"I can help with general info, but personal details are private. Hope you understand! 😊\"" }, { "title": "Multi-Platform ID Matching", "body": "Normalize IDs for comparison:\n\nPhone numbers: Strip all non-digits except leading +. E.g., +1 555 123 4567 β†’ +15551234567\nTelegram: Use numeric user ID (not username, as usernames change)\nDiscord: Use numeric user ID\nSignal: Use phone number (normalized)\nWhatsApp: Use phone number with country code\n\nAn owner may have multiple IDs across platforms. All should be in ownerIds." }, { "title": "Rate Limiting", "body": "Apply per-tier rate limits to prevent abuse:\n\nTierMessages/hourMessages/dayStranger1 (deflection only)3Chat-only20100Trusted50500OwnerUnlimitedUnlimited\n\nIf limit exceeded, respond: \"I've reached my chat limit for now. Try again later! 😊\"\n\nTrack in memory/access-control.json under rateLimits:\n\n\"rateLimits\": {\n \"+61412345678\": { \"hourCount\": 5, \"dayCount\": 23, \"hourReset\": \"ISO\", \"dayReset\": \"ISO\" }\n}" }, { "title": "Audit Log", "body": "Log all stranger contacts to memory/access-control-log.json:\n\n[\n {\n \"timestamp\": \"2026-02-07T17:30:00+11:00\",\n \"senderId\": \"+61412345678\",\n \"platform\": \"whatsapp\",\n \"action\": \"deflected\",\n \"message\": \"first 50 chars...\"\n }\n]\n\nKeep last 100 entries. Rotate older entries out." }, { "title": "Security Rules", "body": "NEVER include real owner IDs, phone numbers, or tokens in skill files\nNEVER share the access-control.json contents with non-owners\nNEVER reveal that a specific person is the owner to strangers\nNEVER forward stranger messages to owner verbatim if they contain suspicious links\nStore all config in memory/ (gitignored by default in most setups)\nThe strangerMessage should not reveal the owner's name or personal details" }, { "title": "Example Config", "body": "See references/example-config.md for a complete annotated example." } ], "body": "Agent Access Control\n\nProtect your agent from unauthorized access with tiered permissions and an owner-approval pairing flow.\n\nSetup\n\nCreate memory/access-control.json in workspace:\n\n{\n \"ownerIds\": [],\n \"approvedContacts\": {},\n \"pendingApprovals\": {},\n \"blockedIds\": [],\n \"strangerMessage\": \"Hi there! πŸ‘‹ I'm {{AGENT_NAME}}, an AI assistant. I'm currently set up to help my owner with personal tasks, so I'm not able to chat freely just yet. I've let them know you reached out β€” if they'd like to connect us, they'll set that up. Have a great day! 😊\",\n \"notifyChannel\": \"\",\n \"notifyTarget\": \"\"\n}\n\n\nFill in:\n\nownerIds: Owner phone numbers, Telegram IDs, Discord IDs (strings)\nstrangerMessage: Customize {{AGENT_NAME}} with agent's name\nnotifyChannel: Channel to alert owner (telegram, whatsapp, discord, signal)\nnotifyTarget: Owner's ID on that channel\nAccess Tiers\nTier\tLevel\tCapabilities\n0\tStranger\tDiplomatic deflection only, zero access\n1\tChat-only\tBasic conversation, no tools or private info\n2\tTrusted\tChat + public info (weather, time, general questions)\n3\tOwner\tFull access to all tools, files, memory, actions\nMessage Handling Flow\n\nOn every incoming message from a messaging platform:\n\nExtract sender ID (phone number, user ID, etc.)\nNormalize ID: strip spaces, ensure country code prefix for phones\nCheck ownerIds β†’ if match: full access, respond normally\nCheck blockedIds β†’ if match: silent ignore, respond with NO_REPLY\nCheck approvedContacts[senderId] β†’ if match: respond within their tier\nOtherwise β†’ stranger flow:\nStranger Flow\na. Send strangerMessage to the sender\nb. Notify owner:\n \"πŸ”” Stranger contact from {senderId} on {platform}:\n '{first 100 chars of message}'\n Reply: approve (trusted) / chat (chat-only) / block\"\nc. Store in pendingApprovals:\n {\n \"senderId\": { \n \"platform\": \"whatsapp\",\n \"firstMessage\": \"...\", \n \"timestamp\": \"ISO-8601\",\n \"notified\": true\n }\n }\nd. Respond with NO_REPLY after sending deflection\n\nOwner Approval\n\nWhen owner replies to an approval notification:\n\nOwner says\tAction\napprove, yes, trusted\tAdd to approvedContacts with tier 2 (trusted)\nchat, chat-only, chat only\tAdd to approvedContacts with tier 1 (chat-only)\nblock, no, deny\tAdd to blockedIds\nignore\tRemove from pendingApprovals, no action\n\nAfter approval, update memory/access-control.json and notify the contact:\n\nTrusted: \"Great news! I've been given the go-ahead to chat with you. How can I help? 😊\"\nChat-only: \"Great news! I can chat with you now, though I'm limited to basic conversation. What's on your mind?\"\nTier Enforcement\n\nWhen responding to a non-owner contact, enforce tier restrictions:\n\nTier 1 (chat-only):\n\nRespond conversationally only\nDo NOT use any tools (read, write, exec, web_search, etc.)\nDo NOT share any info from memory files\nDo NOT mention the owner by name\nIf asked to do something beyond chat: \"I'm only set up for basic chat at the moment. For anything more, you'd need to check with my owner.\"\n\nTier 2 (trusted):\n\nConversational responses\nMay use: web_search, weather skill, time/date queries\nDo NOT use: read, write, exec, message (to other contacts), memory files\nDo NOT share private info (calendar, emails, files, other contacts)\nIf asked for private info: \"I can help with general info, but personal details are private. Hope you understand! 😊\"\nMulti-Platform ID Matching\n\nNormalize IDs for comparison:\n\nPhone numbers: Strip all non-digits except leading +. E.g., +1 555 123 4567 β†’ +15551234567\nTelegram: Use numeric user ID (not username, as usernames change)\nDiscord: Use numeric user ID\nSignal: Use phone number (normalized)\nWhatsApp: Use phone number with country code\n\nAn owner may have multiple IDs across platforms. All should be in ownerIds.\n\nRate Limiting\n\nApply per-tier rate limits to prevent abuse:\n\nTier\tMessages/hour\tMessages/day\nStranger\t1 (deflection only)\t3\nChat-only\t20\t100\nTrusted\t50\t500\nOwner\tUnlimited\tUnlimited\n\nIf limit exceeded, respond: \"I've reached my chat limit for now. Try again later! 😊\"\n\nTrack in memory/access-control.json under rateLimits:\n\n\"rateLimits\": {\n \"+61412345678\": { \"hourCount\": 5, \"dayCount\": 23, \"hourReset\": \"ISO\", \"dayReset\": \"ISO\" }\n}\n\nAudit Log\n\nLog all stranger contacts to memory/access-control-log.json:\n\n[\n {\n \"timestamp\": \"2026-02-07T17:30:00+11:00\",\n \"senderId\": \"+61412345678\",\n \"platform\": \"whatsapp\",\n \"action\": \"deflected\",\n \"message\": \"first 50 chars...\"\n }\n]\n\n\nKeep last 100 entries. Rotate older entries out.\n\nSecurity Rules\nNEVER include real owner IDs, phone numbers, or tokens in skill files\nNEVER share the access-control.json contents with non-owners\nNEVER reveal that a specific person is the owner to strangers\nNEVER forward stranger messages to owner verbatim if they contain suspicious links\nStore all config in memory/ (gitignored by default in most setups)\nThe strangerMessage should not reveal the owner's name or personal details\nExample Config\n\nSee references/example-config.md for a complete annotated example." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/bowen31337/agent-access-control", "publisherUrl": "https://clawhub.ai/bowen31337/agent-access-control", "owner": "bowen31337", "version": "1.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agent-access-control", "downloadUrl": "https://openagent3.xyz/downloads/agent-access-control", "agentUrl": "https://openagent3.xyz/skills/agent-access-control/agent", "manifestUrl": "https://openagent3.xyz/skills/agent-access-control/agent.json", "briefUrl": "https://openagent3.xyz/skills/agent-access-control/agent.md" } }