agent-safety skill

/skills/compass-soul/agent-safety

This skill enforces automated outbound safety by blocking commits containing keys, tokens, or PII at the git level.

npx playbooks add skill openclaw/skills --skill agent-safety

---
name: agent-safety
description: Outbound safety for autonomous AI agents — scans YOUR output before it leaves the machine. Git pre-commit hooks that automatically block commits containing API keys, tokens, PII, or secrets. Unlike inbound scanners (Skillvet, IronClaw), this protects against what YOU accidentally publish. Use when committing to git repos, publishing to GitHub, or running periodic system health checks. Automated enforcement at the git level — not prompts.
---

# Agent Safety

Automated safety tools for autonomous AI agents. The principle: **don't rely on prompts for safety — automate enforcement.**

All scripts are in this skill's `scripts/` directory. When OpenClaw loads this skill, resolve paths relative to this file's location.

## Pre-Publish Security Scan

Scans files for secrets, PII, and internal paths before publishing.

```bash
bash scripts/pre-publish-scan.sh <file-or-directory>
```

**Detects:**
- API keys (AWS, GitHub, Anthropic, OpenAI, generic patterns)
- Private keys (PEM blocks), Bearer tokens, hardcoded passwords
- Email addresses, phone numbers, SSNs, credit card patterns
- Physical addresses, name fields
- Home directory paths, internal config paths

**Exit 0** = clean. **Exit 1** = blocking issues found, do not publish.

## Git Pre-Commit Hook

Install once per repo. Automatically scans staged files on every commit:

```bash
bash scripts/install-hook.sh <repo-path>
```

- Scans staged content (what's being committed, not working tree)
- Blocks commit if secrets or SSNs found
- Flags PII for review
- Only bypassed with explicit `git commit --no-verify`

**Install this on every repo you work with.** It's the real guardrail.
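
What "scans staged content, not working tree" means in practice, as an added sketch that is not the skill's own `scripts/` code. The function names, the two pattern sets and the `--hook` argument are assumptions made for this example, and the patterns cover only a small subset of what the list above describes.

```bash
#!/bin/sh
# Added example, not the skill's scripts/: classify STAGED content.
# The patterns are a small illustrative subset chosen for this sketch.
BLOCK_RE='AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|-----BEGIN [A-Z ]*PRIVATE KEY-----'
BLOCK_RE="$BLOCK_RE"'|(^|[^0-9])[0-9]{3}-[0-9]{2}-[0-9]{4}([^0-9]|$)'   # SSN shape
REVIEW_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}|/(Users|home)/[A-Za-z0-9._-]+'

# classify: read text on stdin, print BLOCK, REVIEW or CLEAN.
classify() {
  text=$(cat)
  if printf '%s\n' "$text" | grep -Eq -e "$BLOCK_RE"; then
    echo BLOCK
  elif printf '%s\n' "$text" | grep -Eq -e "$REVIEW_RE"; then
    echo REVIEW
  else
    echo CLEAN
  fi
}

# scan_staged: check each added/copied/modified path in the index.
# `git show ":$path"` reads the staged blob, so cleaning up the working
# tree without re-staging does not hide a secret that is still staged.
# Paths containing newlines are not handled in this sketch.
scan_staged() {
  rc=0
  files=$(git -c core.quotepath=off diff --cached --name-only --diff-filter=ACM) || return 2
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    case "$(git show ":$path" | classify)" in
      BLOCK)  echo "BLOCKED: $path" >&2; rc=1 ;;
      REVIEW) echo "review:  $path" >&2 ;;
    esac
  done <<EOF
$files
EOF
  return "$rc"
}

# From .git/hooks/pre-commit, call this file with --hook; exit 1 aborts the commit.
if [ "${1:-}" = "--hook" ]; then
  scan_staged || { echo "commit blocked; rotate any exposed secret" >&2; exit 1; }
fi
```

Review-level matches (emails, home paths) are printed but do not change the exit status, matching the block-versus-flag split described above.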

## Health Check

System monitoring for disk, workspace, security, and updates:

```bash
bash scripts/health-check.sh
```

**Checks:** Disk usage, workspace size, memory file growth, OpenClaw version, macOS updates, firewall status, SIP status.

Run periodically (every few heartbeats). Watch for warnings.

## Rules

1. Run pre-publish scan before ANY external publish action
2. Install pre-commit hook on EVERY repo you work with
3. Blocking issues (secrets, SSNs) must be fixed — no override
4. Review items (emails, paths) need human judgment
5. If a secret was ever committed, it's compromised — rotate immediately

Overview

This skill provides outbound safety for autonomous AI agents by scanning your outputs before they leave the machine. It installs git-level enforcement and command-line checks to block commits containing API keys, tokens, PII, or other secrets. Use it to prevent accidental publishing of sensitive data and to run routine system health checks.

How this skill works

The skill offers a pre-publish scanner, a git pre-commit hook, and a system health check. The pre-publish scanner inspects files or directories for API keys, private keys, tokens, PII, and internal paths. The git hook scans staged content and blocks commits when blocking issues are detected. The health check monitors disk, workspace growth, and system security status for operational warnings.

When to use it

  • Before publishing code or assets to remote services or public repositories
  • When committing changes to any git repository to stop secrets from being committed
  • As part of CI or local pre-publish pipelines to enforce automated checks
  • During periodic system health audits to detect workspace or security issues
  • When onboarding new projects to ensure a baseline safety posture

Best practices

  • Install the pre-commit hook on every repository you actively work with
  • Run the pre-publish scan on any file or directory before external publication
  • Treat any discovered secret as compromised and rotate credentials immediately
  • Review flagged PII and contextual matches manually; only hard matches should block
  • Automate periodic health-check runs and surface warnings to developers

Example use cases

  • Blocking a commit that accidentally contains an AWS or OpenAI API key
  • Scanning a release bundle before publishing a package to a public registry
  • Running a nightly health check to detect runaway log growth or low disk space
  • Enforcing team-wide policy so secrets never reach remote git hosting
  • Auditing a workspace for exposed personal data or internal config paths

FAQ

What kinds of secrets are detected?

The scanner detects API keys (AWS, GitHub, OpenAI, Anthropic, generic patterns), private PEM blocks, Bearer tokens, hardcoded passwords, SSNs, credit card patterns, emails, phone numbers, and internal paths.

Can the hook be bypassed if needed?

Yes. The hook can be bypassed with an explicit git commit --no-verify, but blocking issues (secrets, SSNs) should be fixed rather than bypassed.