{ "schemaVersion": "1.0", "item": { "slug": "skillgate-gov", "name": "SkillGate Governance", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/liyecom/skillgate-gov", "canonicalUrl": "https://clawhub.ai/liyecom/skillgate-gov", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/skillgate-gov", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skillgate-gov", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skillgate-gov" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/skillgate-gov", "agentPageUrl": "https://openagent3.xyz/skills/skillgate-gov/agent", "manifestUrl": "https://openagent3.xyz/skills/skillgate-gov/agent.json", "briefUrl": "https://openagent3.xyz/skills/skillgate-gov/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "SkillGate (Governance)", "body": "This skill teaches OpenClaw how to run SkillGate against a skills directory, generate evidence, and quarantine risky skills." }, { "title": "Quick Start (recommended)", "body": "We intentionally avoid global installs (npm i -g) to reduce supply-chain risk.\nUse a pinned version via npx for deterministic behavior.\n\n# Scan current workspace (read-only by default)\nnpx --yes @skillgate/openclaw-skillgate@0.1.3 gov_scan .\n\n# Show a human-readable explanation for a finding\nnpx --yes @skillgate/openclaw-skillgate@0.1.3 gov_explain " }, { "title": "Provenance / How to verify what you run", "body": "# Verify package metadata\nnpm view @skillgate/openclaw-skillgate@0.1.3 name version license repository\nnpm view @skillgate/openclaw-skillgate@0.1.3 dist.tarball dist.integrity\n\n# Optional: verify GitHub release & source\n# Repo: https://github.com/skillgatesecurity/openclaw-skillgate\n\nThis package is published under the official @skillgate scope and built/released via GitHub Actions." }, { "title": "Permissions & Filesystem scope", "body": "Network: not required for scanning local files (except fetching the npm package on first run).\nDefault mode: read-only scan of the given directory.\nWrites (only when you explicitly run quarantine/restore commands):\n\ncreates/updates evidence outputs under a local folder (e.g. .skillgate/ or the specified output path)\nmay quarantine a skill by moving/marking files within the target directory you pass in\n\nIt does not require secrets (no tokens/keys) and does not modify system-wide settings." }, { "title": "OpenClaw Plugin Commands", "body": "Once loaded as an OpenClaw plugin, these slash commands become available:\n\n# scan all skills for risks (default: HIGH+)\n/gov scan\n\n# scan with all findings including LOW/INFO\n/gov scan --all\n\n# quarantine a specific skill\n/gov quarantine \n\n# restore a quarantined skill\n/gov restore \n\n# explain why a skill was flagged\n/gov explain \n\n# show governance status\n/gov status" }, { "title": "Risk Levels", "body": "LevelAuto ActionDescriptionCRITICALQuarantineShell injection, supply-chain attacksHIGHDisableDangerous patterns, external downloadsMEDIUMWarnRisky but not immediately dangerousLOW/INFOLogInformational only" }, { "title": "Local Development (optional)", "body": "If you prefer a local dependency instead of npx:\n\nnpm i -D @skillgate/openclaw-skillgate@0.1.3\nnpx gov_scan ." }, { "title": "Notes", "body": "Use this as the standard operating procedure for Skill supply-chain reviews." } ], "body": "SkillGate (Governance)\n\nThis skill teaches OpenClaw how to run SkillGate against a skills directory, generate evidence, and quarantine risky skills.\n\nQuick Start (recommended)\n\nWe intentionally avoid global installs (npm i -g) to reduce supply-chain risk. Use a pinned version via npx for deterministic behavior.\n\n# Scan current workspace (read-only by default)\nnpx --yes @skillgate/openclaw-skillgate@0.1.3 gov_scan .\n\n# Show a human-readable explanation for a finding\nnpx --yes @skillgate/openclaw-skillgate@0.1.3 gov_explain \n\nProvenance / How to verify what you run\n# Verify package metadata\nnpm view @skillgate/openclaw-skillgate@0.1.3 name version license repository\nnpm view @skillgate/openclaw-skillgate@0.1.3 dist.tarball dist.integrity\n\n# Optional: verify GitHub release & source\n# Repo: https://github.com/skillgatesecurity/openclaw-skillgate\n\n\nThis package is published under the official @skillgate scope and built/released via GitHub Actions.\n\nPermissions & Filesystem scope\nNetwork: not required for scanning local files (except fetching the npm package on first run).\nDefault mode: read-only scan of the given directory.\nWrites (only when you explicitly run quarantine/restore commands):\ncreates/updates evidence outputs under a local folder (e.g. .skillgate/ or the specified output path)\nmay quarantine a skill by moving/marking files within the target directory you pass in\n\nIt does not require secrets (no tokens/keys) and does not modify system-wide settings.\n\nOpenClaw Plugin Commands\n\nOnce loaded as an OpenClaw plugin, these slash commands become available:\n\n# scan all skills for risks (default: HIGH+)\n/gov scan\n\n# scan with all findings including LOW/INFO\n/gov scan --all\n\n# quarantine a specific skill\n/gov quarantine \n\n# restore a quarantined skill\n/gov restore \n\n# explain why a skill was flagged\n/gov explain \n\n# show governance status\n/gov status\n\nRisk Levels\nLevel\tAuto Action\tDescription\nCRITICAL\tQuarantine\tShell injection, supply-chain attacks\nHIGH\tDisable\tDangerous patterns, external downloads\nMEDIUM\tWarn\tRisky but not immediately dangerous\nLOW/INFO\tLog\tInformational only\nLocal Development (optional)\n\nIf you prefer a local dependency instead of npx:\n\nnpm i -D @skillgate/openclaw-skillgate@0.1.3\nnpx gov_scan .\n\nNotes\n\nUse this as the standard operating procedure for Skill supply-chain reviews." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/liyecom/skillgate-gov", "publisherUrl": "https://clawhub.ai/liyecom/skillgate-gov", "owner": "liyecom", "version": "0.1.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/skillgate-gov", "downloadUrl": "https://openagent3.xyz/downloads/skillgate-gov", "agentUrl": "https://openagent3.xyz/skills/skillgate-gov/agent", "manifestUrl": "https://openagent3.xyz/skills/skillgate-gov/agent.json", "briefUrl": "https://openagent3.xyz/skills/skillgate-gov/agent.md" } }