Skillgate Gov
Supply-chain governance for OpenClaw skills: scan, assess, quarantine/restore.
- Rating: 4.8 (263 reviews)
- Downloads: 711
- Version: 1.0.0
Overview
Supply-chain governance for OpenClaw skills: scan, assess, quarantine/restore.
SkillGate (Governance)
This skill teaches OpenClaw how to run SkillGate against a skills directory, generate evidence, and quarantine risky skills.
Quick Start (recommended)
We intentionally avoid global installs (npm i -g) to reduce supply-chain risk.
Use a pinned version via npx for deterministic behavior.

```sh
# Scan current workspace (read-only by default)
npx --yes @skillgate/[email protected] gov_scan .
# Show a human-readable explanation for a finding
npx --yes @skillgate/[email protected] gov_explain <EVIDENCE_JSON_PATH>
```
Provenance / How to verify what you run
```sh
# Verify package metadata
npm view @skillgate/[email protected] name version license repository
npm view @skillgate/[email protected] dist.tarball dist.integrity
# Optional: verify GitHub release & source
# Repo: https://github.com/skillgatesecurity/openclaw-skillgate
```
This package is published under the official @skillgate scope and built/released via GitHub Actions.
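The `dist.integrity` value that `npm view` prints is only useful if you actually compare it against the tarball you run. The script below, an added example that is not part of the SkillGate README or the project's own tooling, does that comparison: it asks the registry for the tarball URL and SRI string of a package spec you pass in (the pinned `@skillgate/gov` spec from the Quick Start), downloads the tarball, and rejects it unless its SHA-512 matches. The function names `sri_sha512`, `verify_integrity` and `verify_published_tarball` are chosen here; the script assumes `openssl`, `curl` and `npm` are on PATH, and the offline self-check runs on a constructed file.

```sh
#!/bin/sh
# Added example (not SkillGate's code): verify an npm tarball against the
# Subresource Integrity (SRI) string published in the registry's dist.integrity.
set -eu

# Compute the SRI sha512 value of a file in the same "sha512-<base64>" form npm uses.
sri_sha512() {
  printf 'sha512-%s' "$(openssl dgst -sha512 -binary "$1" | openssl base64 -A)"
}

# Compare a file against an expected SRI string.
# Returns 0 on match, 1 on mismatch or on an algorithm this script does not handle.
verify_integrity() {
  file=$1
  expected=$2
  case "$expected" in
    sha512-*) ;;
    *) echo "unsupported integrity algorithm: $expected" >&2; return 1 ;;
  esac
  actual=$(sri_sha512 "$file")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file matches $expected"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Full flow against the registry (network required). Pass the pinned spec you
# intend to run, e.g. the @skillgate/gov@<version> spec from the Quick Start.
# 1. fetch the tarball URL and integrity the registry publishes,
# 2. download the tarball,
# 3. verify it before extracting or running anything from it.
verify_published_tarball() {
  pkg=$1
  dir=$(mktemp -d)
  url=$(npm view "$pkg" dist.tarball)
  integrity=$(npm view "$pkg" dist.integrity)
  curl -fsSL -o "$dir/pkg.tgz" "$url"
  verify_integrity "$dir/pkg.tgz" "$integrity"
  echo "verified tarball left at $dir/pkg.tgz (integrity $integrity)"
}

# Offline self-check on a constructed file (no network): the hash is recomputed
# and then a deliberately wrong expectation must be rejected.
self_check() {
  tmp=$(mktemp)
  printf 'constructed sample content\n' > "$tmp"
  verify_integrity "$tmp" "$(sri_sha512 "$tmp")" >/dev/null
  if verify_integrity "$tmp" 'sha512-deliberately-wrong' >/dev/null 2>&1; then
    rm -f "$tmp"; return 1
  fi
  rm -f "$tmp"
  echo "self-check passed"
}

# With a package spec as the first argument, verify the registry tarball;
# with no arguments, run the offline self-check.
if [ -n "${1:-}" ]; then
  verify_published_tarball "$1"
else
  self_check
fi
```

Record the integrity string you verified alongside the scan evidence; a later review can then confirm that the tarball being run is still the one that was assessed rather than trusting the version number alone.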
Permissions & Filesystem scope
- Network: not required for scanning local files (except fetching the npm package on first run).
- Default mode: read-only scan of the given directory.
- Writes (only when you explicitly run quarantine/restore commands):
  - creates/updates evidence outputs under a local folder (e.g. .skillgate/ or the specified output path)
  - may quarantine a skill by moving/marking files within the target directory you pass in
It does not require secrets (no tokens/keys) and does not modify system-wide settings.
OpenClaw Plugin Commands
Once loaded as an OpenClaw plugin, these slash commands become available:
```sh
# scan all skills for risks (default: HIGH+)
/gov scan
# scan with all findings including LOW/INFO
/gov scan --all
# quarantine a specific skill
/gov quarantine <skillKey>
# restore a quarantined skill
/gov restore <skillKey>
# explain why a skill was flagged
/gov explain <skillKey>
# show governance status
/gov status
```
Risk Levels
| Level | Auto Action | Description |
|---|---|---|
| CRITICAL | Quarantine | Shell injection, supply-chain attacks |
| HIGH | Disable | Dangerous patterns, external downloads |
| MEDIUM | Warn | Risky but not immediately dangerous |
| LOW/INFO | Log | Informational only |
Local Development (optional)
If you prefer a local dependency instead of npx:
```sh
npm i -D @skillgate/[email protected]
npx gov_scan .
```
Notes
Use this as the standard operating procedure for Skill supply-chain reviews.
Installation
```sh
openclaw install skillgate-gov
```