{ "schemaVersion": "1.0", "item": { "slug": "signet-guardian", "name": "Signet Guardian", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/rafalzacher1/signet-guardian", "canonicalUrl": "https://clawhub.ai/rafalzacher1/signet-guardian", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/signet-guardian", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=signet-guardian", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "docs/DASHBOARD_TEST.md", "openclaw-extension/README.md", "openclaw-extension/signet-guardian/index.ts", "package.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/signet-guardian" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/signet-guardian", "agentPageUrl": "https://openagent3.xyz/skills/signet-guardian/agent", "manifestUrl": "https://openagent3.xyz/skills/signet-guardian/agent.json", "briefUrl": "https://openagent3.xyz/skills/signet-guardian/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Overview", "body": "Signet Guardian is a policy firewall for money actions. It does not intercept payments at runtime by itself; payment-capable skills must route through it by contract:\n\nBefore any payment: call signet-preflight (amount, currency, payee, purpose).\nIf result is ALLOW or CONFIRM_REQUIRED (and user has confirmed): the skill may proceed.\nIf result is DENY: do not proceed; tell the user the reason.\nAfter a successful payment: call signet-record to append to the ledger.\n\nThis gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).\n\nConcurrency: Preflight is advisory (no lock). Record enforces the monthly cap under a file lock ({baseDir}/references/.ledger.lock): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.\n\nCurrency: No FX conversion. The request currency must match the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined." }, { "title": "Policy (user configuration)", "body": "Source of truth: OpenClaw config first (signet.policy in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to {baseDir}/references/policy.json. OpenClaw sets {baseDir} via OPENCLAW_SKILL_DIR or OPENCLAW_BASE_DIR.\n\nFieldMeaningpaymentsEnabledMaster switch. If false, all payments are denied.maxPerTransactionMax amount allowed for a single transaction (e.g. 20).maxPerMonthMax total spend in the current calendar month (e.g. 500).currencyISO currency code (e.g. GBP, USD). Request currency must match.requireConfirmationAboveAbove this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5).blockedMerchantsOptional list of substrings; payee matching any is denied.allowedMerchantsOptional; if non-empty, only payees matching one of these are allowed.versionOptional number for future policy migrations.\n\nDefault behaviour: If the policy file is missing or invalid, preflight returns DENY (default-deny)." }, { "title": "signet-preflight", "body": "Run before initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.\n\nsignet-preflight --amount 15 --currency GBP --payee \"shop.example.com\" --purpose \"Subscription\"\n\nOptional:\n\n--idempotency-key \"unique-key\" — Used when recording later to avoid duplicate ledger entries.\n--caller-skill \"skill-name\" — Name of the skill invoking the guard (for audit).\n\nOutput (JSON):\n\n{ \"result\": \"ALLOW\", \"reason\": \"Within policy\" } — Proceed with the payment.\n{ \"result\": \"CONFIRM_REQUIRED\", \"reason\": \"...\" } — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)\n{ \"result\": \"DENY\", \"reason\": \"...\" } — Do not proceed. Notify the user.\n\nEvery DENY is logged to the audit trail.\n\nExit code: 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY." }, { "title": "signet-record", "body": "Call after a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.\n\nRecord validation scope: signet-record re-checks only currency and monthly cap (under lock). It does not re-check paymentsEnabled or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at preflight (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.\n\nsignet-record --amount 15 --currency GBP --payee \"shop.example.com\" --purpose \"Subscription\" --idempotency-key \"sub-123\"\n\nOptional: --caller-skill \"skill-name\" for audit.\n\nIf the same idempotency-key was already recorded, the command is a no-op (idempotent)." }, { "title": "signet-report", "body": "Shows spending and transaction history for the user.\n\nsignet-report --period today\nsignet-report --period month" }, { "title": "signet-policy", "body": "Show, edit, or configure policy via wizard.\n\nsignet-policy --show # Print current policy (config, then file)\nsignet-policy --edit # Open policy.json in $EDITOR\nsignet-policy --wizard # Interactive step-by-step setup (no JSON)\nsignet-policy --migrate-file-to-config # One-time: copy file policy into OpenClaw config" }, { "title": "Audit (ledger and deny log)", "body": "Ledger file: {baseDir}/references/ledger.jsonl. Format is strict JSONL: one JSON object per line, newline-separated (no space between entries). Each line contains:\n\nts — Timestamp UTC (ISO 8601).\ncallerSkill — Optional; skill that invoked preflight/record.\nidempotencyKey — Optional; dedupe key for record.\nstatus — completed or denied.\nreason — Decision reason (especially for denials).\nPlus: amount, currency, payee, purpose.\n\nAll preflight denials are appended to the same ledger with status: \"denied\" and a reason." }, { "title": "Critical Rules (for the agent)", "body": "Never skip preflight — Any payment from any skill must go through signet-preflight first. No exceptions.\nRespect DENY — If preflight returns DENY, do not attempt the payment. Tell the user the reason.\nCONFIRM_REQUIRED — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call signet-record.\nAlways record success — After a successful payment, call signet-record with the same amount, currency, payee, purpose, and idempotency key (if used).\nIdempotency — For critical flows, use a stable --idempotency-key (e.g. order ID or request ID) so retries do not double-count in the monthly total.\nDefault-deny — If the policy file is missing or corrupt, the skill denies by default.\nRecord is authoritative for cap only — The monthly cap is enforced when recording (under lock). If signet-record fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future authorize (reservation under lock) then settle (convert reservation to completed) pattern can reserve budget before the payment is made." }, { "title": "First Run", "body": "On first use, the user must have a valid {baseDir}/references/policy.json. Run signet-policy --show to see current policy; if missing, create it (e.g. via signet-policy --edit) with at least:\n\npaymentsEnabled: true/false\nmaxPerTransaction: number\nmaxPerMonth: number\ncurrency: e.g. \"GBP\"\nrequireConfirmationAbove: number (e.g. 5)\n\nLedger lives at {baseDir}/references/ledger.jsonl; no extra setup required." } ], "body": "Signet Guardian — Payment Guard Middleware\nOverview\n\nSignet Guardian is a policy firewall for money actions. It does not intercept payments at runtime by itself; payment-capable skills must route through it by contract:\n\nBefore any payment: call signet-preflight (amount, currency, payee, purpose).\nIf result is ALLOW or CONFIRM_REQUIRED (and user has confirmed): the skill may proceed.\nIf result is DENY: do not proceed; tell the user the reason.\nAfter a successful payment: call signet-record to append to the ledger.\n\nThis gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).\n\nConcurrency: Preflight is advisory (no lock). Record enforces the monthly cap under a file lock ({baseDir}/references/.ledger.lock): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.\n\nCurrency: No FX conversion. The request currency must match the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined.\n\nPolicy (user configuration)\n\nSource of truth: OpenClaw config first (signet.policy in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to {baseDir}/references/policy.json. OpenClaw sets {baseDir} via OPENCLAW_SKILL_DIR or OPENCLAW_BASE_DIR.\n\nField\tMeaning\npaymentsEnabled\tMaster switch. If false, all payments are denied.\nmaxPerTransaction\tMax amount allowed for a single transaction (e.g. 20).\nmaxPerMonth\tMax total spend in the current calendar month (e.g. 500).\ncurrency\tISO currency code (e.g. GBP, USD). Request currency must match.\nrequireConfirmationAbove\tAbove this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5).\nblockedMerchants\tOptional list of substrings; payee matching any is denied.\nallowedMerchants\tOptional; if non-empty, only payees matching one of these are allowed.\nversion\tOptional number for future policy migrations.\n\nDefault behaviour: If the policy file is missing or invalid, preflight returns DENY (default-deny).\n\nCommands\nsignet-preflight\n\nRun before initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.\n\nsignet-preflight --amount 15 --currency GBP --payee \"shop.example.com\" --purpose \"Subscription\"\n\n\nOptional:\n\n--idempotency-key \"unique-key\" — Used when recording later to avoid duplicate ledger entries.\n--caller-skill \"skill-name\" — Name of the skill invoking the guard (for audit).\n\nOutput (JSON):\n\n{ \"result\": \"ALLOW\", \"reason\": \"Within policy\" } — Proceed with the payment.\n{ \"result\": \"CONFIRM_REQUIRED\", \"reason\": \"...\" } — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)\n{ \"result\": \"DENY\", \"reason\": \"...\" } — Do not proceed. Notify the user.\n\nEvery DENY is logged to the audit trail.\n\nExit code: 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY.\n\nsignet-record\n\nCall after a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.\n\nRecord validation scope: signet-record re-checks only currency and monthly cap (under lock). It does not re-check paymentsEnabled or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at preflight (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.\n\nsignet-record --amount 15 --currency GBP --payee \"shop.example.com\" --purpose \"Subscription\" --idempotency-key \"sub-123\"\n\n\nOptional: --caller-skill \"skill-name\" for audit.\n\nIf the same idempotency-key was already recorded, the command is a no-op (idempotent).\n\nsignet-report\n\nShows spending and transaction history for the user.\n\nsignet-report --period today\nsignet-report --period month\n\nsignet-policy\n\nShow, edit, or configure policy via wizard.\n\nsignet-policy --show # Print current policy (config, then file)\nsignet-policy --edit # Open policy.json in $EDITOR\nsignet-policy --wizard # Interactive step-by-step setup (no JSON)\nsignet-policy --migrate-file-to-config # One-time: copy file policy into OpenClaw config\n\nAudit (ledger and deny log)\n\nLedger file: {baseDir}/references/ledger.jsonl. Format is strict JSONL: one JSON object per line, newline-separated (no space between entries). Each line contains:\n\nts — Timestamp UTC (ISO 8601).\ncallerSkill — Optional; skill that invoked preflight/record.\nidempotencyKey — Optional; dedupe key for record.\nstatus — completed or denied.\nreason — Decision reason (especially for denials).\nPlus: amount, currency, payee, purpose.\n\nAll preflight denials are appended to the same ledger with status: \"denied\" and a reason.\n\nCritical Rules (for the agent)\nNever skip preflight — Any payment from any skill must go through signet-preflight first. No exceptions.\nRespect DENY — If preflight returns DENY, do not attempt the payment. Tell the user the reason.\nCONFIRM_REQUIRED — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call signet-record.\nAlways record success — After a successful payment, call signet-record with the same amount, currency, payee, purpose, and idempotency key (if used).\nIdempotency — For critical flows, use a stable --idempotency-key (e.g. order ID or request ID) so retries do not double-count in the monthly total.\nDefault-deny — If the policy file is missing or corrupt, the skill denies by default.\nRecord is authoritative for cap only — The monthly cap is enforced when recording (under lock). If signet-record fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future authorize (reservation under lock) then settle (convert reservation to completed) pattern can reserve budget before the payment is made.\nFirst Run\n\nOn first use, the user must have a valid {baseDir}/references/policy.json. Run signet-policy --show to see current policy; if missing, create it (e.g. via signet-policy --edit) with at least:\n\npaymentsEnabled: true/false\nmaxPerTransaction: number\nmaxPerMonth: number\ncurrency: e.g. \"GBP\"\nrequireConfirmationAbove: number (e.g. 5)\n\nLedger lives at {baseDir}/references/ledger.jsonl; no extra setup required." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/rafalzacher1/signet-guardian", "publisherUrl": "https://clawhub.ai/rafalzacher1/signet-guardian", "owner": "rafalzacher1", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/signet-guardian", "downloadUrl": "https://openagent3.xyz/downloads/signet-guardian", "agentUrl": "https://openagent3.xyz/skills/signet-guardian/agent", "manifestUrl": "https://openagent3.xyz/skills/signet-guardian/agent.json", "briefUrl": "https://openagent3.xyz/skills/signet-guardian/agent.md" } }