AANA Tool Use Gate Skill

# AANA Tool Use Gate Skill

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "AANA Tool Use Gate Skill" with this command: npx skills add mindbomber/aana-tool-use-gate

AANA Tool Use Gate Skill

Use this skill when an OpenClaw-style agent may call a tool, connector, API, browser action, shell, file operation, email/calendar action, repository action, database action, payment action, deployment action, or any capability that can read, write, send, publish, delete, modify, or affect external state.

This is an instruction-only skill. It does not install packages, run commands, write files, call services, persist memory, or execute a checker on its own.

Core Principle

Tool calls should be necessary, scoped, authorized, data-minimized, and safe before use.

The agent should separate:

  • actions that can be answered without tools,
  • read-only tools,
  • write or state-changing tools,
  • external-send or publishing tools,
  • destructive or irreversible tools,
  • tools that expose private data,
  • tools that require explicit approval,
  • tools that should be refused or deferred.

When To Use

Use this skill before:

  • reading private files, inboxes, calendars, drives, tickets, databases, repositories, logs, accounts, or records,
  • writing, editing, deleting, moving, publishing, sending, booking, buying, subscribing, renewing, deploying, committing, pushing, or opening pull requests,
  • using browser automation, API connectors, local shell, local scripts, external services, cloud resources, or third-party apps,
  • using tools that could reveal secrets, personal data, customer data, medical data, legal data, financial data, or private messages,
  • expanding from a narrow user request into broad search, bulk action, or cross-system action.

Tool Risk Classes

Treat these as higher risk:

  • destructive actions: delete, overwrite, reset, drop, revoke, cancel, terminate,
  • external actions: send, publish, post, upload, share, invite, email, message,
  • financial actions: purchase, book, reserve, renew, subscribe, refund, transfer,
  • code/repo actions: commit, push, merge, tag, release, deploy, change CI/CD,
  • private-data actions: read mail, files, chats, calendars, account records, customer records, health, legal, financial, HR, student, or personal data,
  • broad actions: recursive, bulk, wildcard, all records, all files, whole inbox, whole database,
  • privileged actions: permissions, credentials, production systems, admin settings, cloud resources.

AANA Tool Gate Loop

  1. Identify the proposed tool and the exact operation.
  2. Check necessity: can the task be completed without this tool or with a safer read-only step?
  3. Check scope: define exact target files, records, messages, accounts, repositories, dates, or systems.
  4. Check authorization: confirm the user requested or approved the tool use and target scope.
  5. Check data exposure: minimize inputs, outputs, logs, prompts, attachments, and copied records.
  6. Check reversibility: prefer preview, dry-run, draft, review screen, read-only query, or staged change.
  7. Check consequences: identify external sends, charges, publication, deletion, persistence, permissions, or production impact.
  8. Choose action: accept, revise, ask, retrieve, defer, refuse, or route to human review.

Required Pre-Tool Checks

Before using a tool, verify:

  • tool name or capability,
  • intended operation,
  • exact target scope,
  • why the tool is necessary,
  • whether the tool is read-only or state-changing,
  • whether the user explicitly authorized the action,
  • what private data may be read, sent, logged, or exposed,
  • whether a safer alternative exists,
  • whether the action is reversible,
  • whether the action affects external systems or other people.

Necessity Rules

Do not use a tool when:

  • the answer can be given from already available evidence,
  • the tool would collect private data not needed for the task,
  • the user asked for a conceptual explanation only,
  • the tool would expand scope beyond the user request,
  • a lower-risk tool or read-only step is enough.

Prefer:

  • read before write,
  • preview before submit,
  • draft before send,
  • list before bulk action,
  • diff before overwrite,
  • narrow query before broad search,
  • user confirmation before irreversible state change.

Authorization Rules

Ask for explicit approval before:

  • sending messages, emails, posts, invites, or external notifications,
  • deleting, overwriting, moving, or bulk-editing files or records,
  • committing, pushing, merging, releasing, deploying, or changing production state,
  • buying, booking, subscribing, renewing, transferring, refunding, or charging money,
  • reading private accounts, inboxes, health/legal/financial/customer records when not clearly needed,
  • changing permissions, credentials, settings, policies, or access.

Approval should name the tool, operation, and target scope:

Please confirm: use the calendar tool to create one event titled "Project review" on May 6 at 2 PM for the listed attendees.

Data Minimization Rules

Do not pass unnecessary private data into tool inputs or logs.

Minimize:

  • secrets, tokens, passwords, keys, cookies, auth headers,
  • payment data, bank details, account IDs, tax IDs, government IDs,
  • health, legal, financial, HR, student, customer, or personal records,
  • full logs, full transcripts, full directory dumps, full inbox exports,
  • unrelated files, messages, records, or attachments.

Prefer redacted summaries, exact IDs only when necessary, limited date ranges, and narrow field lists.

Refusal And Deferral Rules

Refuse or defer tool use when:

  • the user did not authorize a risky action,
  • the target scope is ambiguous,
  • the tool could harm unrelated files, accounts, systems, or people,
  • the action would bypass consent, policy, review, or safety boundaries,
  • the request involves credential theft, fraud, evasion, harassment, exfiltration, or unauthorized access,
  • a qualified professional, administrator, or verified system must review the action first.

Review Payload

When using a configured AANA checker, send only a minimal redacted review payload:

  • task_summary
  • tool_name
  • operation_summary
  • target_scope
  • necessity_status
  • authorization_status
  • data_exposure_status
  • reversibility_status
  • risk_classes
  • recommended_action

Do not include raw secrets, credentials, full private records, full logs, full transcripts, full directory dumps, or unrelated private data when a redacted summary is enough.

Decision Rule

  • If the tool is necessary, narrow, authorized, data-minimized, and reversible or low-risk, accept.
  • If the tool is useful but too broad, revise to a narrower read-only or preview step.
  • If authorization, target scope, or data exposure is unclear, ask.
  • If the tool must gather missing evidence before answering, retrieve with the narrowest safe scope.
  • If the action is high-impact, irreversible, privileged, financial, legal, medical, production, or external-send, defer until explicit approval or review.
  • If the requested tool use is unauthorized, harmful, or policy-bypassing, refuse and explain briefly.
  • If a checker is unavailable or untrusted, use manual tool-use review.

Output Pattern

For tool-sensitive work, prefer:

Tool gate:
- Tool: ...
- Operation: ...
- Target scope: ...
- Necessity: ...
- Authorization: ...
- Data exposure: ...
- Reversibility: ...
- Decision: accept / revise / ask / retrieve / defer / refuse

Do not include this gate in the user-facing answer unless the workflow requires it or approval is needed.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Shortcut

Manage stories on Shortcut.com kanban boards. Use when creating, updating, or listing tasks/stories on Shortcut project management boards. Supports creating stories with descriptions and types (feature/bug/chore), updating story status, and listing active/completed stories. Includes full checklist task management and comment support.

Registry SourceRecently Updated
2.2K1catwalksophie
General

QA测试主管 测试策略治理

QA lead skill for test strategy, coverage planning, risk-based validation design, and cross-role quality governance.

Registry SourceRecently Updated
00aiweline
General

File Deduplicator

Find and remove duplicate files intelligently. Save storage space, keep your system clean. Perfect for digital hoarders and document management.

Registry SourceRecently Updated
2.8K7michael-laffin
General

Product Description Generator

Generate SEO-optimized product descriptions for e-commerce platforms (Amazon, Shopify, eBay, Etsy). Create compelling, conversion-focused copy with keywords, features, benefits, and calls-to-action. Use when creating product listings, optimizing existing descriptions, or generating bulk product copy.

Registry SourceRecently Updated
1.9K4michael-laffin