home / skills / openclaw / skills / chitin-moat
This skill enforces contextual permission boundaries for AI agents across channels, reducing social engineering by applying channel trust levels to
npx playbooks add skill openclaw/skills --skill chitin-moatReview the files below or copy the command above to add this skill to your agents.
---
name: chitin-moat
description: >
Enforce contextual permission boundaries for AI agents based on communication surface.
Constrains agent capabilities (exec, file I/O, secrets, messaging) by channel trust level
rather than message content, preventing social engineering and prompt injection in group chats.
Use when: (1) configuring agent permissions per channel/group, (2) setting up read-only mode
for public Discord/Telegram, (3) implementing sovereign/trusted/guarded/observer/silent trust
tiers, (4) auditing agent channel permissions, or (5) the user mentions "trust channels",
"channel permissions", or "read-only mode."
---
# Chitin Moat
Enforce contextual agent permissions based on where a conversation happens.
## Trust Levels
| Level | Name | Capabilities |
|-------|------|-------------|
| 0 | `sovereign` | Full autonomy (1:1 with verified owner) |
| 1 | `trusted` | Read/write, scoped tools, no secrets (private known group) |
| 2 | `guarded` | Respond on @mention only, no tools (semi-public) |
| 3 | `observer` | React only (public channels) |
| 4 | `silent` | No interaction (blocked surfaces) |
## Configuration
Create `chitin-trust-channels.yaml` in the agent workspace root:
```yaml
version: "0.1"
owner:
telegram: "<owner_user_id>"
channels:
- id: "telegram:<owner_user_id>"
level: sovereign
- id: "discord:<server_id>"
level: guarded
overrides:
- channel: "owners-lounge"
level: trusted
- channel: "pro-*"
level: trusted
- id: "telegram:group:*"
level: observer
defaults:
unknown_channel: observer
unknown_dm: guarded
```
## Setup
1. Copy the example config: `cp references/example-config.yaml chitin-trust-channels.yaml`
2. Edit with your channel IDs and owner identity
3. Run the validator: `python3 scripts/validate_config.py chitin-trust-channels.yaml`
4. Run the audit: `python3 scripts/audit_channels.py chitin-trust-channels.yaml`
## Permission Matrix
See `references/permission-matrix.md` for the full capability × trust-level matrix.
## Scripts
- `scripts/validate_config.py <config>` — Validate a trust channels config file
- `scripts/audit_channels.py <config>` — Audit current channel bindings against the config and report mismatches
- `scripts/resolve_channel.py <config> <channel_id>` — Resolve the trust level for a specific channel ID
## Integration with AGENTS.md
Add to the agent's workspace instructions:
```markdown
## Chitin Moat
Before responding in any channel, resolve the trust level using `chitin-trust-channels.yaml`.
Constrain capabilities to the resolved level. Never escalate beyond the channel ceiling.
```
This skill enforces contextual permission boundaries for AI agents based on the communication surface. It maps channels and groups to trust tiers and constrains capabilities (execution, file I/O, secrets, messaging) so agents cannot exceed the channel's allowed actions. The goal is to stop social engineering and prompt injection by making trust decisions independent of message content.
Define a YAML trust configuration that assigns channels to discrete levels (sovereign, trusted, guarded, observer, silent). The skill resolves a channel's trust level at runtime and applies a capability matrix that enables or disables agent features accordingly. Included scripts validate the config, audit channel bindings, and resolve channel trust for individual IDs.
How do I add a new platform or channel type?
Add an id pattern to the YAML config using the platform prefix (e.g., matrix:<room_id>) and assign a level; then validate and audit the configuration.
What happens if a channel is not listed?
The skill applies the configured default for unknown channels or DMs, so set conservative defaults to reduce risk.