โ† All skills
Tencent SkillHub ยท Security & Compliance

War/Den Governance

Evaluates and governs all OpenClaw bot actions using YAML policies with tamper-evident audit logs to allow, deny, or require review before execution.

0 downloads · 0 stars · Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: .gitignore, clawhub.json, pyproject.toml, README.md, SKILL.md, UPGRADE.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.0

Documentation


War/Den Governance Skill

ClawHub Package: an2b/warden-governance
Version: 1.0.0
Category: Governance & Security
License: MIT

What This Skill Does

Every action your OpenClaw bot tries to take is evaluated by War/Den before it executes.

    Your Bot -> War/Den check
        -> ALLOW  -> action executes
        -> DENY   -> action blocked + logged
        -> REVIEW -> waits for your approval

No more deleted emails. No more data exfiltration. No more ungoverned agents.

Community mode works with zero external dependencies. No API keys. No cloud. Just YAML policies, a local SQLite audit log, and a hash chain you can verify.

From ClawHub (recommended)

openclaw skill install an2b/warden-governance

From pip

    pip install warden-governance-skill

Both methods install to: ~/.openclaw/skills/warden-governance/

On successful install you'll see:

    🦞 War/Den governance active. Your OpenClaw bot is now governed.

Add to your OpenClaw config

    skills:
      - name: warden-governance
        config:
          SENTINEL_API_KEY: ""        # optional -- leave blank for community mode
          ENGRAMPORT_API_KEY: ""      # optional -- leave blank for local memory
          WARDEN_FAIL_OPEN: "false"   # block on governance failure (default)

Restart your bot

    openclaw restart

That's it. Your bot is now governed.

Hooks

This skill registers three OpenClaw hooks:

| Hook | Purpose |
|---|---|
| before_action | Evaluate every action against policy before execution |
| after_action | Write action result to governed memory |
| on_error | Log errors to tamper-evident audit trail |

Action Bridge

All 15 OpenClaw action types are mapped to War/Den governance types:

| OpenClaw Action | War/Den Type | Default Protection |
|---|---|---|
| email.send | message.send | Monitored |
| email.delete | data.write | Requires human review |
| email.read | data.read | Monitored |
| file.write | data.write | Monitored |
| file.delete | data.write | Requires human review |
| file.read | data.read | Monitored |
| browser.navigate | api.call | Monitored |
| browser.click | api.call | Monitored |
| shell.execute | code.execute | Blocked in production |
| api.call | api.call | Monitored |
| calendar.create | data.write | Monitored |
| calendar.delete | data.write | Requires human review |
| message.send | message.send | Monitored |
| code.execute | code.execute | Blocked in production |
| payment.create | api.call | Requires human review |

Policy Engine

Policies are YAML files evaluated in priority order:

    policies:
      - name: protect-email-delete
        match:
          action.type: data.write
          action.data.openclaw_original: email.delete
        decision: review
        mode: enforce
        priority: 1
        active: true
        reason: "Email deletion requires human review."

Evaluation rules:

  1. Filter to active policies only
  2. Sort by priority ascending (lower number = higher priority)
  3. First match wins
  4. mode: monitor -- log but return ALLOW
  5. mode: enforce -- return the matched decision
  6. No match -- default ALLOW
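The evaluation rules above, written out as an added example (not War/Den's own code) together with a lint for one consequence of them: if a monitor-mode policy matches first, the result is ALLOW and a narrower enforce policy behind it never fires. The dotted-key matching, the post-bridge action shape, and the `watch-writes` policy are assumptions made for illustration; the page does not confirm how the shipped engine handles this ordering.

```python
from typing import Any

_MISSING = object()

def lookup(obj: Any, dotted: str) -> Any:
    """Resolve a dotted key such as 'action.data.openclaw_original' (assumed semantics)."""
    for part in dotted.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return _MISSING
        obj = obj[part]
    return obj

def ordered(policies: list[dict]) -> list[dict]:
    """Active policies only, lowest priority number first."""
    return sorted((p for p in policies if p.get("active")), key=lambda p: p["priority"])

def evaluate(policies: list[dict], action: dict) -> dict:
    request = {"action": action}
    for p in ordered(policies):
        if all(lookup(request, k) == v for k, v in p["match"].items()):
            # First match wins. Monitor mode logs the hit but returns ALLOW.
            decision = p["decision"] if p["mode"] == "enforce" else "allow"
            return {"decision": decision, "policy": p["name"]}
    return {"decision": "allow", "policy": None}  # no match: default ALLOW

def shadowed(policies: list[dict]) -> list[tuple[str, str]]:
    """(enforce policy, earlier monitor policy) pairs where the enforce rule cannot fire."""
    hits, monitors = [], []
    for p in ordered(policies):
        if p["mode"] == "enforce":
            # A monitor rule whose match is a subset of this one catches every request first.
            hits += [(p["name"], m["name"]) for m in monitors
                     if m["match"].items() <= p["match"].items()]
        elif p["mode"] == "monitor":
            monitors.append(p)
    return hits

# Constructed sample: the page's email-delete rule plus a broad monitor rule ahead of it.
EMAIL_DELETE = {"name": "protect-email-delete", "priority": 1, "active": True,
                "mode": "enforce", "decision": "review",
                "match": {"action.type": "data.write",
                          "action.data.openclaw_original": "email.delete"}}
WATCH_WRITES = {"name": "watch-writes", "priority": 0, "active": True,
                "mode": "monitor", "decision": "deny",
                "match": {"action.type": "data.write"}}
ACTION = {"type": "data.write", "data": {"openclaw_original": "email.delete"}}

if __name__ == "__main__":
    print(evaluate([EMAIL_DELETE, WATCH_WRITES], ACTION), shadowed([EMAIL_DELETE, WATCH_WRITES]))
```

Running `shadowed()` over a merged policy set before deployment catches the case where a policy pack's monitor rule sits ahead of a custom enforce rule.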

Pre-built Policy Packs

Load governance instantly with built-in packs:

| Pack | What It Does |
|---|---|
| basic_safety | Blocks code execution in prod, monitors writes and API calls |
| phi_guard | Denies PHI access in dev, requires review for memory export |
| payments_guard | Denies payment actions in dev, requires review in prod |

Audit Trail

Every governance decision is written to a tamper-evident SHA-256 hash chain:

    Event N:   hash = SHA256(prev_hash + agent_id + action_type + decision + timestamp)
    Event N+1: prev_hash = Event N hash

Verify the chain at any time:

    valid, bad_event_id = audit_log.verify_chain()
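A hash chain over the fields named above, as an added example rather than the skill's `audit_log.py`. The genesis value, the length-prefixed field encoding (plain concatenation lets `"ab" + "c"` and `"a" + "bc"` hash identically), the in-memory list standing in for SQLite, and the `expected_head` parameter are all assumptions of this sketch.

```python
import hashlib

GENESIS = "0" * 64  # assumed starting prev_hash; the page does not state one

def event_hash(prev_hash, agent_id, action_type, decision, timestamp):
    # Fields in the order the page lists them. Each is length-prefixed here
    # (an addition to the page's formula) so field boundaries cannot shift.
    h = hashlib.sha256()
    for field in (prev_hash, agent_id, action_type, decision, timestamp):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()

def append(chain, agent_id, action_type, decision, timestamp):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"id": len(chain) + 1, "prev_hash": prev, "agent_id": agent_id,
                  "action_type": action_type, "decision": decision, "timestamp": timestamp,
                  "hash": event_hash(prev, agent_id, action_type, decision, timestamp)})
    return chain[-1]["hash"]

def verify_chain(chain, expected_head=None):
    """Return (valid, bad_event_id), the shape of the call shown on the page."""
    prev = GENESIS
    for ev in chain:
        recomputed = event_hash(prev, ev["agent_id"], ev["action_type"],
                                ev["decision"], ev["timestamp"])
        if ev["prev_hash"] != prev or ev["hash"] != recomputed:
            return False, ev["id"]
        prev = ev["hash"]
    if expected_head is not None and prev != expected_head:
        return False, None  # self-consistent, but not the chain whose head was recorded
    return True, None

def demo():
    chain, head = [], None
    for i, decision in enumerate(["allow", "review", "deny"]):  # constructed events
        head = append(chain, "openclaw-agent", "data.write", decision, f"2025-01-01T00:00:0{i}Z")
    edited = [dict(e) for e in chain]
    edited[1]["decision"] = "allow"   # rewrite one stored decision
    truncated = chain[:2]             # drop the newest event
    return (verify_chain(chain), verify_chain(edited),
            verify_chain(truncated), verify_chain(truncated, head))

if __name__ == "__main__":
    print(demo())
```

The third result shows that a chain checked only against itself accepts a log with its newest events removed; comparing against a head hash recorded outside the audit database is what catches that.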

Decision Cache

ALLOW decisions are cached for 5 minutes (configurable). DENY and REVIEW are never cached -- they always hit the governance engine fresh.

Community vs Enterprise

| Feature | Community (Free) | Enterprise |
|---|---|---|
| Policy enforcement | Local YAML | Sentinel_OS cloud |
| Audit trail | Local SQLite + hash chain | Cloud + signed PDF |
| Memory storage | Local SQLite | EngramPort cloud (MandelDB) |
| Memory search | Text search (LIKE) | Vector search (3072-dim) |
| Synthesis | Basic recall | Eidetic AI synthesis |
| Cross-bot memory | -- | Orchestra multi-agent |
| Multi-namespace | 3 max | Unlimited |
| Compliance export | -- | SOC2/HIPAA PDF |
| Cryptographic provenance | Local hash chain | AEGIS (SHA-256 + RSA) |
| Dependencies | Zero | sentinel-client, engramport-langchain |

Mode Matrix

| SENTINEL_API_KEY | ENGRAMPORT_API_KEY | Mode |
|---|---|---|
| -- | -- | Full Community |
| Set | -- | Governed Community |
| -- | Set | Memory Enterprise |
| Set | Set | Full Enterprise |

All four modes work with zero code changes. Just environment variables.

Sentinel_OS (Governance)

Set SENTINEL_API_KEY to upgrade governance from local YAML to Sentinel_OS cloud:

  • Real-time policy evaluation via /api/v1/check
  • Pre-flight checks via /api/v1/check (read-only, no side effects)
  • Action logging via /api/v1/ingest with hash chain integrity
  • Run management, alerting, and AI-powered insights
  • Python and Node.js SDKs
  • Rate limiting: 2000 checks/min, 1000 ingests/min per API key

Get your key at getsentinelos.com

EngramPort (Memory via MandelDB)

Set ENGRAMPORT_API_KEY to upgrade memory from local SQLite to EngramPort cloud:

  • 5 endpoints: /register, /remember, /recall, /reflect, /stats
  • 3072-dimensional OpenAI embeddings via Pinecone
  • AEGIS cryptographic provenance (SHA-256 + RSA signature per memory)
  • Namespace-isolated storage (bot:{slug}:{uid})
  • Eidetic cross-memory pattern synthesis via GPT-4o-mini
  • Multi-agent orchestration with EngramPortOrchestra
  • Background synthesis with DreamState
  • LangChain drop-in integration

API keys use format ek_bot_* with SHA-256 hashed storage.

Get your key at engram.eideticlab.com

Configuration

| Variable | Required | Default | Description |
|---|---|---|---|
| SENTINEL_API_KEY | No | "" | Sentinel_OS key. Blank = community governance |
| ENGRAMPORT_API_KEY | No | "" | EngramPort key. Blank = local memory |
| WARDEN_FAIL_OPEN | No | false | Allow on governance failure |
| WARDEN_AGENT_ID | No | openclaw-agent | Bot identifier |
| WARDEN_POLICY_FILE | No | built-in | Path to custom YAML policy file |
| WARDEN_POLICY_PACKS | No | "" | Comma-separated pack names |
| WARDEN_MEMORY_DB | No | ~/.warden/memory.db | Local memory path |
| WARDEN_AUDIT_DB | No | ~/.warden/audit.db | Local audit log path |
| WARDEN_CACHE_TTL | No | 300 | ALLOW cache TTL in seconds |

Fail-Open Behavior

| WARDEN_FAIL_OPEN | War/Den reachable | War/Den unreachable |
|---|---|---|
| false (default) | Normal governance | Action BLOCKED |
| true | Normal governance | Action ALLOWED + warning |

Default is false because a governance failure should never silently allow dangerous actions.
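How the Decision Cache and Fail-Open settings interact at the gate, as an added example that is not the skill's code: only ALLOW is cached, a failed check blocks unless fail-open was set, and a cached ALLOW keeps being served after the policy tightens until the TTL runs out. `Gate`, its method names, the whole-request cache key, and the injected clock are hypothetical.

```python
import json
import time

class Gate:
    """Hypothetical wrapper around a policy check (names are not War/Den's)."""

    def __init__(self, check, ttl=300.0, fail_open=False, clock=time.monotonic):
        self.check, self.ttl, self.fail_open, self.clock = check, ttl, fail_open, clock
        self._allow_until = {}  # request key -> expiry; only ALLOW is ever stored

    def decide(self, action, context):
        # Key on the whole request: a policy may match on any field of it.
        key = json.dumps([action, context], sort_keys=True)
        now = self.clock()
        if self._allow_until.get(key, 0.0) > now:
            return {"proceed": True, "decision": "allow", "source": "cache"}
        try:
            decision = self.check(action, context)
        except Exception:
            # Governance failure: block unless fail-open was chosen explicitly.
            decision = "allow" if self.fail_open else "deny"
            return {"proceed": self.fail_open, "decision": decision, "source": "failure"}
        if decision == "allow":
            self._allow_until[key] = now + self.ttl
        return {"proceed": decision == "allow", "decision": decision, "source": "engine"}

    def flush(self):
        """Drop cached ALLOWs, e.g. after a policy file changes."""
        self._allow_until.clear()

def demo():
    state = {"decision": "allow", "up": True, "now": 0.0}  # constructed scenario

    def check(action, context):  # stand-in for the policy engine
        if not state["up"]:
            raise ConnectionError("engine unreachable")
        return state["decision"]

    gate = Gate(check, ttl=300, clock=lambda: state["now"])
    act, ctx = {"type": "file.write"}, {"env": "prod"}
    seen = [gate.decide(act, ctx)["source"]]         # first call reaches the engine
    state["decision"] = "deny"                       # policy tightened at t=0
    state["now"] = 299.0
    seen.append(gate.decide(act, ctx)["source"])     # still served from the ALLOW cache
    state["now"] = 301.0
    seen.append(gate.decide(act, ctx)["decision"])   # TTL expired: engine says deny
    state["up"] = False
    seen.append(gate.decide(act, ctx)["proceed"])    # unreachable + fail_open=False
    return seen
```

With the default 300-second TTL, a newly added deny or review rule can take up to five minutes to apply to a request that was already allowed, unless the cache is flushed or the process restarted.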

Test Proof

This skill ships with a comprehensive test suite. Run it:

    python -m pytest tests/ -v

Key test: The Meta inbox test simulates the exact incident where an OpenClaw agent deleted 200 emails. With War/Den, all 200 are blocked:

    # _make_skill and policy_path are not defined in this excerpt.
    def test_meta_researcher_inbox_protection(self, tmp_path):
        """Simulate the exact Meta inbox incident. All 200 emails blocked."""
        skill = _make_skill(tmp_path, WARDEN_POLICY_FILE=policy_path)
        blocked = 0
        for i in range(200):
            result = skill.before_action(
                {"type": "email.delete", "data": {"email_id": f"msg_{i}"}},
                {"agent_id": "meta-researcher-bot", "env": "prod"},
            )
            if not result["proceed"]:
                blocked += 1
        assert blocked == 200

Skill Files

    warden-governance-skill/
    ├── SKILL.md                    # This file (ClawHub primary)
    ├── clawhub.json                # ClawHub registry metadata
    ├── README.md                   # Full documentation
    ├── pyproject.toml              # Python package config
    ├── policies/
    │   ├── openclaw_default.yaml   # Default governance policies
    │   └── policy_packs.py         # Pre-built policy packs
    ├── warden_governance/
    │   ├── __init__.py
    │   ├── skill.py                # Main skill class (hooks)
    │   ├── action_bridge.py        # OpenClaw <-> War/Den translation
    │   ├── policy_engine.py        # Community policy engine
    │   ├── audit_log.py            # SHA-256 hash chain audit
    │   ├── memory_client.py        # Governed memory operations
    │   ├── local_store.py          # Local SQLite memory
    │   ├── sentinel_client.py      # Enterprise Sentinel_OS client
    │   ├── engramport_client.py    # Enterprise EngramPort client
    │   ├── upgrade_manager.py      # Mode detection + banner
    │   ├── health_check.py         # Enterprise health validation
    │   └── settings.py             # Configuration
    └── tests/
        ├── __init__.py
        ├── test_skill.py           # Skill + Meta inbox tests
        ├── test_policy_engine.py   # Policy engine tests
        ├── test_audit_log.py       # Audit trail tests
        ├── test_action_bridge.py   # Action bridge tests
        ├── test_memory.py          # Memory client tests
        └── test_enterprise.py      # Enterprise upgrade tests

Built on Sentinel_OS and EngramPort by AN2B Technologies

The lobster protects the inbox.

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
3 Docs, 2 Files, 1 Config
  • SKILL.md Primary doc
  • README.md Docs
  • UPGRADE.md Docs
  • clawhub.json Config
  • .gitignore Files
  • pyproject.toml Files