feat: add expansion-grant-guard skill #43
Merged
ArchieIndian merged 1 commit into claude/festive-moore from Mar 16, 2026
…token budgets

YAML-based grant ledger that issues time-limited, token-budgeted permission grants for sub-agent expansions. Supports issuance, validation, consumption tracking, revocation, and auto-expiry sweeps. Inspired by lossless-claw's delegation grant system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ArchieIndian added a commit that referenced this pull request Mar 16, 2026
* Add skill-doctor: diagnose silent skill discovery failures
  Runs 6 diagnostic checks per skill (YAML parse, required fields, path conventions, cron format, stateful coherence, schema validity). Exits 1 when FAILs are present — suitable as a post-install gate in install.sh.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add installed-skill-auditor: weekly post-install security audit
  Detects INJECTION, CREDENTIAL, EXFILTRATION, DRIFT, and ORPHAN issues in all installed skills. Maintains content baselines for drift detection. Cron: Mondays 9am. Exits 1 on CRITICAL findings.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add skill-trigger-tester: validate description trigger quality before publish
  Scores a skill's description against should-fire/should-not-fire prompt sets. Computes precision, recall, F1, and assigns a grade A–F. Exits 1 on grade C or lower, suitable as a pre-publish gate.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add skill-loadout-manager: named skill profiles to manage context bloat
  Defines and switches between curated skill subsets (loadouts). Ships 4 presets (minimal, coding, research, ops) and estimates token savings per loadout vs. all-skills-active mode.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add skill-compatibility-checker: detect version/feature incompatibilities
  Reads requires_openclaw + requires_features frontmatter fields and compares against detected (or overridden) OpenClaw version. Ships feature registry with 5 runtime capabilities and their introduction versions.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add skill-conflict-detector: detect name shadowing and description overlap (#21)
  Detects NAME_SHADOW (CRITICAL), EXACT_DUPLICATE (CRITICAL), HIGH_OVERLAP (HIGH), and MEDIUM_OVERLAP (MEDIUM) conflicts between installed skills using Jaccard similarity on description tokens.
  Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add heartbeat-governor: per-skill execution budgets for cron skills (#22)
  Tracks 30-day rolling spend and wall-clock time per scheduled skill. Auto-pauses skills that exceed monthly/per-run budgets. Cron: every hour. Supports manual pause/resume and per-skill budget overrides.
  Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add skill-portability-checker: validate OS/binary dependencies in scripts (#23)
  Detects OS_SPECIFIC_CALL, MISSING_BINARY, BREW_ONLY, PYTHON_IMPORT, and HARDCODED_PATH issues in companion scripts. Cross-checks against os_filter: frontmatter field. No external dependencies.
  Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Update README: document all 39 skills across 3 categories
  Adds 8 new integration-focused skills to the tables:
  - Core: skill-trigger-tester, skill-conflict-detector, skill-portability-checker
  - OpenClaw-native: skill-doctor, installed-skill-auditor, skill-loadout-manager, skill-compatibility-checker, heartbeat-governor
  Expands security section from 3 to 5 skills (adds installed-skill-auditor, skill-doctor). Updates companion script list and total skill counts.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add community-skill-radar: scan Reddit for skill ideas every 3 days (#26)
  Searches 5 subreddits (openclaw, LocalLLaMA, ClaudeAI, MachineLearning, AIAgents) via Reddit's public JSON API. Scores candidates by upvotes, comments, recurrence, and keyword density. Writes prioritized PROPOSALS.md for review. Cron: every 3 days at 9am.
  Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Update README: add community-skill-radar (40 skills total)
  Adds community-skill-radar to the OpenClaw-Native table (24 skills), updates companion script list with radar.py, bumps total to 40 skills.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add config-encryption-auditor skill (#29)
  Scans ~/.openclaw/ config files for plaintext API keys, tokens, and world-readable permissions. Suggests environment variable migration. Cron runs Sundays 9am. Companion script: audit.py with --scan, --fix-permissions, --suggest-env, --status commands. Inspired by OpenLobster's AES-GCM config encryption layer.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add tool-description-optimizer skill (#30)
  Scores skill descriptions for trigger quality across 5 dimensions: clarity, specificity, keyword density, uniqueness, and length. Grades A-F with concrete rewrite suggestions. Companion script: optimize.py with --scan, --skill, --suggest, --compare, --status. Inspired by OpenLobster's tool-description scoring layer.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add mcp-health-checker skill (#31)
  Monitors MCP server connections for health, latency, and availability. Probes stdio servers via JSON-RPC initialize and HTTP servers via GET. Detects stale connections, timeouts, unreachable servers. Cron runs every 6 hours. Companion script: check.py with --ping, --config, --status, --history commands. Inspired by OpenLobster's MCP connection health monitoring.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Update README: 40 → 44 skills (4 OpenLobster-inspired additions)
  Add memory-graph-builder, config-encryption-auditor, tool-description-optimizer, and mcp-health-checker to the OpenClaw-Native table. Update security section to 6 skills. Update companion scripts list.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add memory-graph-builder: structured knowledge graph from MEMORY.md (#28)
  Parses flat MEMORY.md into nodes with categories, entities, and typed relationships. Detects duplicates (Jaccard >0.7), contradictions, and stale entries. Generates compressed memory digest saving 30-60% tokens. Inspired by OpenLobster's Neo4j graph memory. Cron: nightly 10pm.
  Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Rewrite README for maximum discoverability
  Restructured with SEO-rich opening, badges, comparison table, architecture diagram, use cases section, and defense-in-depth security overview. Leads with value proposition instead of implementation details.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add memory-dag-compactor skill (#35)
  Builds hierarchical summary DAGs from MEMORY.md with depth-aware prompts (d0 leaf → d3+ durable). Supports search, tree visualization, inspect, and dissolve. Cron nightly 11pm. Companion script: compact.py. Inspired by lossless-claw's DAG-based summarization hierarchy.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add large-file-interceptor skill (#36)
  Detects oversized files that would blow the context window, generates structural exploration summaries (JSON schema, CSV columns, Python imports, log patterns), and stores compact reference cards. Supports scan, summarize, restore, and audit. No cron — invoked on demand. Inspired by lossless-claw's large file interception layer.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add context-assembly-scorer skill (#37)
  Scores how well current context represents full conversation history. 5 dimensions: topic coverage, recency bias, entity continuity, decision retention, task continuity. Detects blind spots — topics the agent has effectively forgotten. Cron every 4h. Inspired by lossless-claw's context assembly system.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add compaction-resilience-guard skill (#38)
  Monitors compaction for failures (empty, inflation, garbled, repetition) and enforces a 3-level fallback chain: normal → aggressive → deterministic truncation. Ensures compaction always makes forward progress. Inspired by lossless-claw's three-level escalation system.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add memory-integrity-checker skill (#39)
  Validates memory summary DAGs with 8 structural checks: orphan nodes, circular references, token inflation, broken lineage, stale active, empty nodes, duplicate edges, depth mismatch. Auto-fixes safe issues. Cron Sundays 3am. Inspired by lossless-claw's DAG integrity checking system.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Update README: 44 → 49 skills (5 lossless-claw-inspired additions)
  Add memory-dag-compactor, large-file-interceptor, context-assembly-scorer, compaction-resilience-guard, and memory-integrity-checker. Update badges, comparison table, architecture diagram, companion scripts list.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add session-persistence skill — SQLite message persistence with FTS5 search (#41)
  Imports OpenClaw session transcripts into a local SQLite database with full-text search, making the agent's entire history queryable across all sessions. Inspired by lossless-claw's SQLite persistence layer. Includes persist.py with --import, --search, --recent, --conversation, --stats, --export, --status commands. Cron every 15 minutes for incremental import.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add dag-recall skill — walk memory DAG to recall detailed context on demand (#42)
  Queries the hierarchical summary DAG built by memory-dag-compactor, expands matches from high-level to detailed nodes, and assembles cited answers. Includes FTS5 search, LRU cache, ancestor tracing, and token budget control. Inspired by lossless-claw's sub-agent recall pattern.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add expansion-grant-guard skill — delegation grant ledger with token budgets (#43)
  YAML-based grant ledger that issues time-limited, token-budgeted permission grants for sub-agent expansions. Supports issuance, validation, consumption tracking, revocation, and auto-expiry sweeps. Inspired by lossless-claw's delegation grant system.
  Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* docs: update README to 52 skills — add session-persistence, dag-recall, expansion-grant-guard
  Updates all counts (skills 49→52, cron 15→16, scripts 20→23, native 33→36), adds 3 new lossless-claw-inspired skills to the table, adds comparison features for SQLite persistence and sub-agent recall, credits lossless-claw.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

--issue, --validate, --consume, --revoke, --list, --sweep, --audit, --stats, --status

Test plan

* bash scripts/validate-skills.sh passes
* python3 guard.py --help shows usage

🤖 Generated with Claude Code
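A sketch of the kind of ledger the PR description names (issue, validate, consume, revoke, sweep), added here as an illustration and not the project's guard.py. The class name, field names and reason strings are hypothetical, and the ledger is held in memory as a dict instead of being persisted to YAML.

```python
import secrets
import time


class GrantLedger:  # hypothetical name; not the project's API
    def __init__(self, clock=time.time):
        self.grants = {}    # grant_id -> record (the part a YAML ledger would store)
        self.clock = clock  # injectable so expiry can be exercised deterministically

    def issue(self, agent, scope, ttl_s, token_budget):
        gid = secrets.token_hex(8)  # unguessable grant id
        self.grants[gid] = {"agent": agent, "scope": scope, "state": "active",
                            "expires_at": self.clock() + ttl_s,
                            "budget": token_budget, "used": 0}
        return gid

    def validate(self, gid, agent, scope, tokens=0):
        """Fail closed: every path except the last one denies."""
        g = self.grants.get(gid)
        if g is None:
            return False, "unknown"
        if g["state"] != "active":
            return False, g["state"]  # "revoked" or "expired"
        if self.clock() >= g["expires_at"]:
            return False, "expired"   # enforced even if no sweep has run yet
        if g["agent"] != agent or g["scope"] != scope:
            return False, "mismatch"  # a grant is bound to one agent and one scope
        if g["used"] + tokens > g["budget"]:
            return False, "over_budget"
        return True, "ok"

    def consume(self, gid, agent, scope, tokens):  # check and debit together
        if tokens <= 0:
            return False, "bad_amount"  # negative amounts must not refill a budget
        ok, reason = self.validate(gid, agent, scope, tokens)
        if ok:
            self.grants[gid]["used"] += tokens
        return ok, reason

    def revoke(self, gid):
        if gid in self.grants:
            self.grants[gid]["state"] = "revoked"

    def sweep(self):  # auto-expiry: mark lapsed grants, return how many
        now, swept = self.clock(), 0
        for g in self.grants.values():
            if g["state"] == "active" and now >= g["expires_at"]:
                g["state"] = "expired"
                swept += 1
        return swept
```

Expiry is checked in `validate` as well as in `sweep`, so a grant stops working at its deadline even when the sweep job is late or disabled.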