gatewaystack-governance

Coding Agents & IDEs
v0.2.0
Benign

Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit.

2498 downloads · 498 installs · by @davidcrowe

Setup & Installation

Install command

clawhub install davidcrowe/gatewaystack-governance

If the CLI is not installed:

npx clawhub@latest install davidcrowe/gatewaystack-governance

Or install with OpenClaw CLI:

openclaw skills install davidcrowe/gatewaystack-governance

Or paste the repo link into your assistant's chat:

https://github.com/openclaw/skills/tree/main/skills/davidcrowe/gatewaystack-governance

What This Skill Does

Deny-by-default governance layer for OpenClaw that intercepts every tool call before execution. Runs five mandatory checks: identity verification, scope enforcement, rate limiting, prompt injection detection, and audit logging. Three optional features add output DLP, human escalation, and behavioral monitoring.

Because it hooks at the process level, the agent cannot route around it the way it could with in-prompt or middleware-based guardrails.

When to Use It

  • Blocking an agent from calling tools outside its approved scope
  • Detecting prompt injection attempts before a tool executes
  • Reviewing audit logs after an unexpected agent action
  • Redacting PII from tool output before it reaches the agent
  • Triggering human review when an agent tries a tool for the first time
# GatewayStack Governance

Deny-by-default governance for every tool call in OpenClaw.

Five core checks run automatically on every invocation:

1. **Identity** — maps the agent to a policy role. Unknown agents are denied.
2. **Scope** — deny-by-default tool allowlist. Unlisted tools are blocked.
3. **Rate limiting** — per-user and per-session sliding window limits.
4. **Injection detection** — 40+ patterns from Cisco, Snyk, and Kaspersky research.
5. **Audit logging** — every decision recorded to append-only JSONL.

Three opt-in features extend governance further:

6. **Output DLP** — scans tool output for PII using `@gatewaystack/transformabl-core`. Log or redact.
7. **Escalation** — human-in-the-loop review for medium-severity detections and first-time tool use.
8. **Behavioral monitoring** — detects anomalous tool usage patterns using `@gatewaystack/limitabl-core`.
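
The five core checks above, sketched as one deny-by-default decision function. This is an added example, not code from the plugin; the policy shape, field names and the two detection patterns are assumptions made for illustration.

```javascript
// Added illustration: policy shape, field names and patterns are assumptions,
// not the plugin's real schema or its 40+ pattern set.
const policy = {
  agents: new Map([["agent-main", "developer"]]),                       // identity: agent -> role
  roles: new Map([["developer", new Set(["read_file", "run_tests"])]]), // scope: per-role allowlist
  rateLimit: { maxCalls: 3, windowMs: 60000 },                          // sliding window per user
  injectionPatterns: [/ignore (all )?previous instructions/i, /reveal .*system prompt/i],
};

function createGovernor(policy) {
  const auditLog = [];       // JSONL lines; a real sink would append to a file
  const history = new Map(); // user -> timestamps of allowed calls

  function decide(call, now) {
    const role = policy.agents.get(call.agent);
    if (!role) return { allow: false, check: "identity", reason: "unknown agent" };

    const allowed = policy.roles.get(role);
    if (!allowed || !allowed.has(call.tool))
      return { allow: false, check: "scope", reason: "tool not in allowlist" };

    const { maxCalls, windowMs } = policy.rateLimit;
    const recent = (history.get(call.user) || []).filter((t) => now - t < windowMs);
    history.set(call.user, recent);
    if (recent.length >= maxCalls)
      return { allow: false, check: "rate", reason: "rate limit exceeded" };

    const text = JSON.stringify(call.args ?? {});
    if (policy.injectionPatterns.some((re) => re.test(text)))
      return { allow: false, check: "injection", reason: "pattern match in arguments" };

    recent.push(now); // only allowed calls consume quota (a design choice of this sketch)
    return { allow: true, check: "all", reason: "passed" };
  }

  // Every decision, allow or deny, is recorded before it is returned.
  function check(call, now = Date.now()) {
    const decision = decide(call, now);
    auditLog.push(JSON.stringify({ ts: now, agent: call.agent, user: call.user, tool: call.tool, ...decision }));
    return decision;
  }
  return { check, auditLog };
}
```

The checks run in the listed order, so an unknown agent is rejected before its tool name or arguments are inspected, and denials are audited the same way as approvals.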

## Install

```bash
openclaw plugins install @gatewaystack/gatewaystack-governance
```

One command. Zero config. The core 5 checks are active on every tool call immediately.

The plugin hooks into `before_tool_call` at the process level — the agent can't bypass it, skip it, or talk its way around it.

## Customize

To override the defaults, create a policy file:

```bash
cp ~/.openclaw/plugins/gatewaystack-governance/policy.example.json \
   ~/.openclaw/plugins/gatewaystack-governance/policy.json
```

Configure which tools are allowed, who can use them, rate limits, injection detection sensitivity, and the three optional features (DLP, escalation, behavioral monitoring — all disabled by default).

## Optional GatewayStack packages

The opt-in features use GatewayStack packages via lazy import. Install only what you need:

```bash
npm install @gatewaystack/transformabl-core   # for output DLP
npm install @gatewaystack/limitabl-core       # for behavioral monitoring
```

The core 5 checks have zero external dependencies and work without these packages.

## Links

- [GitHub](https://github.com/davidcrowe/openclaw-gatewaystack-governance) — source, docs, getting started guide
- [npm](https://www.npmjs.com/package/@gatewaystack/gatewaystack-governance) — package registry
- MIT licensed

Example Workflow

Here's how your AI assistant might use this skill in practice.

INPUT

User asks: Blocking an agent from calling tools outside its approved scope

AGENT
  1. Blocking an agent from calling tools outside its approved scope
  2. Detecting prompt injection attempts before a tool executes
  3. Reviewing audit logs after an unexpected agent action
  4. Redacting PII from tool output before it reaches the agent
  5. Triggering human review when an agent tries a tool for the first time
OUTPUT
Deny-by-default governance for every tool call — identity, scope, rate limiting, injection detection, audit.

Security Audits

VirusTotal: Benign
OpenClaw: Benign

These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.

Details

Language: Markdown
Last updated: Feb 25, 2026