# Send Signet Guardian to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "signet-guardian",
    "name": "Signet Guardian",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/rafalzacher1/signet-guardian",
    "canonicalUrl": "https://clawhub.ai/rafalzacher1/signet-guardian",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/signet-guardian",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=signet-guardian",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "docs/DASHBOARD_TEST.md",
      "openclaw-extension/README.md",
      "openclaw-extension/signet-guardian/index.ts",
      "package.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/signet-guardian"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/signet-guardian",
    "downloadUrl": "https://openagent3.xyz/downloads/signet-guardian",
    "agentUrl": "https://openagent3.xyz/skills/signet-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/signet-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/signet-guardian/agent.md"
  }
}
```
## Documentation

### Overview

Signet Guardian is a policy firewall for money actions. It does not intercept payments at runtime by itself; payment-capable skills must route through it by contract:

Before any payment: call signet-preflight (amount, currency, payee, purpose).
If result is ALLOW or CONFIRM_REQUIRED (and user has confirmed): the skill may proceed.
If result is DENY: do not proceed; tell the user the reason.
After a successful payment: call signet-record to append to the ledger.

This gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).

Concurrency: Preflight is advisory (no lock). Record enforces the monthly cap under a file lock ({baseDir}/references/.ledger.lock): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.

Currency: No FX conversion. The request currency must match the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined.

### Policy (user configuration)

Source of truth: OpenClaw config first (signet.policy in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to {baseDir}/references/policy.json. OpenClaw sets {baseDir} via OPENCLAW_SKILL_DIR or OPENCLAW_BASE_DIR.

FieldMeaningpaymentsEnabledMaster switch. If false, all payments are denied.maxPerTransactionMax amount allowed for a single transaction (e.g. 20).maxPerMonthMax total spend in the current calendar month (e.g. 500).currencyISO currency code (e.g. GBP, USD). Request currency must match.requireConfirmationAboveAbove this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5).blockedMerchantsOptional list of substrings; payee matching any is denied.allowedMerchantsOptional; if non-empty, only payees matching one of these are allowed.versionOptional number for future policy migrations.

Default behaviour: If the policy file is missing or invalid, preflight returns DENY (default-deny).

### signet-preflight

Run before initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.

signet-preflight --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription"

Optional:

--idempotency-key "unique-key" — Used when recording later to avoid duplicate ledger entries.
--caller-skill "skill-name" — Name of the skill invoking the guard (for audit).

Output (JSON):

{ "result": "ALLOW", "reason": "Within policy" } — Proceed with the payment.
{ "result": "CONFIRM_REQUIRED", "reason": "..." } — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)
{ "result": "DENY", "reason": "..." } — Do not proceed. Notify the user.

Every DENY is logged to the audit trail.

Exit code: 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY.

### signet-record

Call after a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.

Record validation scope: signet-record re-checks only currency and monthly cap (under lock). It does not re-check paymentsEnabled or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at preflight (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.

signet-record --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription" --idempotency-key "sub-123"

Optional: --caller-skill "skill-name" for audit.

If the same idempotency-key was already recorded, the command is a no-op (idempotent).

### signet-report

Shows spending and transaction history for the user.

signet-report --period today
signet-report --period month

### signet-policy

Show, edit, or configure policy via wizard.

signet-policy --show    # Print current policy (config, then file)
signet-policy --edit    # Open policy.json in $EDITOR
signet-policy --wizard  # Interactive step-by-step setup (no JSON)
signet-policy --migrate-file-to-config  # One-time: copy file policy into OpenClaw config

### Audit (ledger and deny log)

Ledger file: {baseDir}/references/ledger.jsonl. Format is strict JSONL: one JSON object per line, newline-separated (no space between entries). Each line contains:

ts — Timestamp UTC (ISO 8601).
callerSkill — Optional; skill that invoked preflight/record.
idempotencyKey — Optional; dedupe key for record.
status — completed or denied.
reason — Decision reason (especially for denials).
Plus: amount, currency, payee, purpose.

All preflight denials are appended to the same ledger with status: "denied" and a reason.

### Critical Rules (for the agent)

Never skip preflight — Any payment from any skill must go through signet-preflight first. No exceptions.
Respect DENY — If preflight returns DENY, do not attempt the payment. Tell the user the reason.
CONFIRM_REQUIRED — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call signet-record.
Always record success — After a successful payment, call signet-record with the same amount, currency, payee, purpose, and idempotency key (if used).
Idempotency — For critical flows, use a stable --idempotency-key (e.g. order ID or request ID) so retries do not double-count in the monthly total.
Default-deny — If the policy file is missing or corrupt, the skill denies by default.
Record is authoritative for cap only — The monthly cap is enforced when recording (under lock). If signet-record fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future authorize (reservation under lock) then settle (convert reservation to completed) pattern can reserve budget before the payment is made.

### First Run

On first use, the user must have a valid {baseDir}/references/policy.json. Run signet-policy --show to see current policy; if missing, create it (e.g. via signet-policy --edit) with at least:

paymentsEnabled: true/false
maxPerTransaction: number
maxPerMonth: number
currency: e.g. "GBP"
requireConfirmationAbove: number (e.g. 5)

Ledger lives at {baseDir}/references/ledger.jsonl; no extra setup required.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: rafalzacher1
- Version: 0.1.0
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-30T16:55:25.780Z
- Expires at: 2026-05-07T16:55:25.780Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/signet-guardian)
- [Send to Agent page](https://openagent3.xyz/skills/signet-guardian/agent)
- [JSON manifest](https://openagent3.xyz/skills/signet-guardian/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/signet-guardian/agent.md)
- [Download page](https://openagent3.xyz/downloads/signet-guardian)