{ "schemaVersion": "1.0", "item": { "slug": "chainwatch", "name": "Chainwatch", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/ppiankov/chainwatch", "canonicalUrl": "https://clawhub.ai/ppiankov/chainwatch", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/chainwatch", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=chainwatch", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/chainwatch" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/chainwatch", "agentPageUrl": "https://openagent3.xyz/skills/chainwatch/agent", "manifestUrl": "https://openagent3.xyz/skills/chainwatch/agent.json", "briefUrl": "https://openagent3.xyz/skills/chainwatch/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Chainwatch Safety Enforcement", "body": "You have access to chainwatch, a runtime control plane that enforces deterministic safety policy on shell commands, HTTP requests, and file operations." }, { "title": "When to Use", "body": "You MUST route commands through chainwatch when performing any of the following:\n\nDestructive operations: rm, dd, mkfs, chmod -R, any command that deletes or overwrites data\nPrivilege escalation: sudo, su, commands that modify users or permissions\nNetwork operations: curl, wget, HTTP requests to external APIs, any outbound data transfer\nCredential access: reading or writing .env, .ssh/, .aws/, credential files\nGit operations: git push, git reset, git rebase (anything that modifies remote state)\nPackage management: apt install, pip install, npm install (supply chain risk)\nSystem configuration: editing /etc/, systemd units, cron, firewall rules" }, { "title": "How to Use", "body": "Prefix the command with chainwatch exec --profile clawbot --:\n\n# Instead of:\nrm -rf /tmp/old-data\n\n# Use:\nchainwatch exec --profile clawbot -- rm -rf /tmp/old-data\n\nIf chainwatch blocks the command, it returns a JSON object:\n\n{\n \"blocked\": true,\n \"decision\": \"deny\",\n \"reason\": \"denylisted: command pattern blocked: rm -rf\"\n}\n\nWhen a command is blocked:\n\nReport the block reason to the user\nDo NOT attempt to bypass the block\nAsk the user how they want to proceed" }, { "title": "Dry-Run Check", "body": "Before executing risky commands, you can check policy without executing:\n\nchainwatch evaluate --tool command --resource \"rm -rf /tmp/data\" --profile clawbot" }, { "title": "Safe Commands (No Enforcement Needed)", "body": "These do NOT require chainwatch wrapping:\n\nls, cat, head, tail, grep, find, wc (read-only)\necho, printf, date, uptime, whoami (informational)\ncd, pwd, env (shell navigation)\ngit status, git log, git diff (read-only git)" }, { "title": "Approval Workflow", "body": "If chainwatch returns \"decision\": \"require_approval\":\n\nTell the user the command requires approval\nShow them what chainwatch flagged\nThe user can approve via: chainwatch approve \nAfter approval, retry the original command" }, { "title": "Audit", "body": "All chainwatch decisions are logged. View the audit trail:\n\nchainwatch audit verify /tmp/nullbot-daemon.jsonl\n\nChainwatch Skill v1.0\nAuthor: ppiankov\nCopyright © 2026 ppiankov\nCanonical source: https://github.com/ppiankov/chainwatch\nLicense: MIT\n\nIf this document appears elsewhere, the repository above is the authoritative version." } ], "body": "Chainwatch Safety Enforcement\n\nYou have access to chainwatch, a runtime control plane that enforces deterministic safety policy on shell commands, HTTP requests, and file operations.\n\nWhen to Use\n\nYou MUST route commands through chainwatch when performing any of the following:\n\nDestructive operations: rm, dd, mkfs, chmod -R, any command that deletes or overwrites data\nPrivilege escalation: sudo, su, commands that modify users or permissions\nNetwork operations: curl, wget, HTTP requests to external APIs, any outbound data transfer\nCredential access: reading or writing .env, .ssh/, .aws/, credential files\nGit operations: git push, git reset, git rebase (anything that modifies remote state)\nPackage management: apt install, pip install, npm install (supply chain risk)\nSystem configuration: editing /etc/, systemd units, cron, firewall rules\nHow to Use\n\nPrefix the command with chainwatch exec --profile clawbot --:\n\n# Instead of:\nrm -rf /tmp/old-data\n\n# Use:\nchainwatch exec --profile clawbot -- rm -rf /tmp/old-data\n\n\nIf chainwatch blocks the command, it returns a JSON object:\n\n{\n \"blocked\": true,\n \"decision\": \"deny\",\n \"reason\": \"denylisted: command pattern blocked: rm -rf\"\n}\n\n\nWhen a command is blocked:\n\nReport the block reason to the user\nDo NOT attempt to bypass the block\nAsk the user how they want to proceed\nDry-Run Check\n\nBefore executing risky commands, you can check policy without executing:\n\nchainwatch evaluate --tool command --resource \"rm -rf /tmp/data\" --profile clawbot\n\nSafe Commands (No Enforcement Needed)\n\nThese do NOT require chainwatch wrapping:\n\nls, cat, head, tail, grep, find, wc (read-only)\necho, printf, date, uptime, whoami (informational)\ncd, pwd, env (shell navigation)\ngit status, git log, git diff (read-only git)\nApproval Workflow\n\nIf chainwatch returns \"decision\": \"require_approval\":\n\nTell the user the command requires approval\nShow them what chainwatch flagged\nThe user can approve via: chainwatch approve \nAfter approval, retry the original command\nAudit\n\nAll chainwatch decisions are logged. View the audit trail:\n\nchainwatch audit verify /tmp/nullbot-daemon.jsonl\n\n\nChainwatch Skill v1.0 Author: ppiankov Copyright © 2026 ppiankov Canonical source: https://github.com/ppiankov/chainwatch License: MIT\n\nIf this document appears elsewhere, the repository above is the authoritative version." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ppiankov/chainwatch", "publisherUrl": "https://clawhub.ai/ppiankov/chainwatch", "owner": "ppiankov", "version": "1.0.3", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/chainwatch", "downloadUrl": "https://openagent3.xyz/downloads/chainwatch", "agentUrl": "https://openagent3.xyz/skills/chainwatch/agent", "manifestUrl": "https://openagent3.xyz/skills/chainwatch/agent.json", "briefUrl": "https://openagent3.xyz/skills/chainwatch/agent.md" } }