OpenClaw Marshal
Define security policies for your workspace and audit compliance. Check installed skills against command, network, and data handling rules. Generate audit-ready compliance reports.
Why This Matters
Agent workspaces accumulate skills that execute commands, access the network, and handle data. Without a defined security policy, there is no way to know whether installed skills comply with your organization's requirements — or whether your workspace itself meets basic security hygiene standards.
This skill lets you define a policy once and audit everything against it.
Commands
Initialize Policy
Create a default security policy file (.marshal-policy.json) with sensible defaults.
CODEBLOCK0
Show Policy
Display the current active policy.
CODEBLOCK1
Policy Summary
Quick overview of loaded policy rules.
CODEBLOCK2
Full Compliance Audit
Audit all installed skills and workspace configuration against the active policy. Reports compliance score, violations, and recommendations.
CODEBLOCK3
Check Specific Skill
Check a single skill against the policy. Reports pass/fail per rule.
CODEBLOCK4
Generate Compliance Report
Produce a formatted, copy-pastable compliance report suitable for audit documentation.
CODEBLOCK5
Quick Status
One-line summary: policy loaded, compliance score, critical violations count.
CODEBLOCK6
Workspace Auto-Detection
If --workspace is omitted, the script tries:
- 1.
OPENCLAW_WORKSPACE environment variable - Current directory (if AGENTS.md exists)
- INLINECODE3� (default)
What Gets Checked
| Category | Checks | Severity |
|---|
| Command Safety | Dangerous patterns (eval, exec, pipe-to-shell, rm -rf /) | CRITICAL |
| Command Policy |
Blocked and review-required commands from policy | HIGH/MEDIUM |
|
Network Policy | Domain allow/blocklists, suspicious TLD patterns | CRITICAL/HIGH |
|
Data Handling | Secret scanner installed, PII scanner configured | HIGH/MEDIUM |
|
Workspace Hygiene | .gitignore, audit trail (ledger), skill signing (signet) | HIGH/MEDIUM |
|
Configuration | Debug modes, verbose logging left enabled | LOW |
Policy Format
The .marshal-policy.json file defines all rules:
- - commands.allow — Permitted binaries
- commands.block — Blocked command patterns
- commands.review — Commands requiring human review
- network.allowdomains — Permitted network domains
- network.blockdomains — Blocked domains
- network.blockpatterns — Wildcard domain blocks (e.g.,
*.tk) - datahandling.piiscan — Require PII scanning
- datahandling.secretscan — Require secret scanning
- workspace.requiregitignore — Require .gitignore
- workspace.requireaudittrail — Require ledger
- workspace.requireskillsigning — Require signet
Exit Codes
- -
0 — Compliant, no issues - INLINECODE7� — Review needed (medium/high findings)
- INLINECODE8� — Critical violations detected
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
OpenClaw Marshal
为你的工作空间定义安全策略并审计合规性。根据命令、网络和数据处理规则检查已安装的技能。生成可供审计的合规报告。
为何重要
代理工作空间会积累执行命令、访问网络和处理数据的技能。如果没有定义的安全策略,就无法知道已安装的技能是否符合组织要求——或者工作空间本身是否满足基本的安全卫生标准。
此技能让你可以一次性定义策略,并据此审计所有内容。
命令
初始化策略
使用合理的默认值创建默认安全策略文件(.marshal-policy.json)。
bash
python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace
显示策略
显示当前活动的策略。
bash
python3 {baseDir}/scripts/marshal.py policy --show --workspace /path/to/workspace
策略摘要
快速概览已加载的策略规则。
bash
python3 {baseDir}/scripts/marshal.py policy --workspace /path/to/workspace
完整合规审计
根据活动策略审计所有已安装技能和工作空间配置。报告合规分数、违规项和建议。
bash
python3 {baseDir}/scripts/marshal.py audit --workspace /path/to/workspace
检查特定技能
根据策略检查单个技能。报告每条规则的通过/失败情况。
bash
python3 {baseDir}/scripts/marshal.py check openclaw-warden --workspace /path/to/workspace
生成合规报告
生成格式化、可复制粘贴的合规报告,适用于审计文档。
bash
python3 {baseDir}/scripts/marshal.py report --workspace /path/to/workspace
快速状态
一行摘要:策略已加载、合规分数、严重违规数量。
bash
python3 {baseDir}/scripts/marshal.py status --workspace /path/to/workspace
工作空间自动检测
如果省略 --workspace,脚本会依次尝试:
- 1. OPENCLAW_WORKSPACE 环境变量
- 当前目录(如果存在 AGENTS.md)
- ~/.openclaw/workspace(默认)
检查内容
| 类别 | 检查项 | 严重程度 |
|---|
| 命令安全 | 危险模式(eval、exec、管道到shell、rm -rf /) | 严重 |
| 命令策略 |
策略中阻止和需要审查的命令 | 高/中 |
|
网络策略 | 域名允许/阻止列表、可疑TLD模式 | 严重/高 |
|
数据处理 | 已安装密钥扫描器、已配置PII扫描器 | 高/中 |
|
工作空间卫生 | .gitignore、审计追踪(ledger)、技能签名(signet) | 高/中 |
|
配置 | 调试模式、详细日志记录保持启用 | 低 |
策略格式
.marshal-policy.json 文件定义了所有规则:
- - commands.allow — 允许的二进制文件
- commands.block — 阻止的命令模式
- commands.review — 需要人工审查的命令
- network.allowdomains — 允许的网络域名
- network.blockdomains — 阻止的域名
- network.blockpatterns — 通配符域名阻止(例如 *.tk)
- datahandling.piiscan — 要求PII扫描
- datahandling.secretscan — 要求密钥扫描
- workspace.requiregitignore — 要求.gitignore
- workspace.requireaudittrail — 要求ledger
- workspace.requireskillsigning — 要求signet
退出代码
- - 0 — 合规,无问题
- 1 — 需要审查(中/高发现项)
- 2 — 检测到严重违规
无外部依赖
仅使用Python标准库。无需pip安装。无需网络调用。一切在本地运行。
跨平台
兼容OpenClaw、Claude Code、Cursor以及任何使用Agent Skills规范的工具。
