OpenClaw Marshal
Define security policies for your workspace and audit compliance. Check installed skills against command, network, and data handling rules. Generate audit-ready compliance reports.
Why This Matters
Agent workspaces accumulate skills that execute commands, access the network, and handle data. Without a defined security policy, there is no way to know whether installed skills comply with your organization's requirements — or whether your workspace itself meets basic security hygiene standards.
This skill lets you define a policy once and audit everything against it.
Commands
Initialize Policy
Create a default security policy file (.marshal-policy.json) with sensible defaults.
python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace
Show Policy
Display the current active policy.
python3 {baseDir}/scripts/marshal.py policy --show --workspace /path/to/workspace
Policy Summary
Quick overview of loaded policy rules.
python3 {baseDir}/scripts/marshal.py policy --workspace /path/to/workspace
Full Compliance Audit
Audit all installed skills and workspace configuration against the active policy. Reports compliance score, violations, and recommendations.
python3 {baseDir}/scripts/marshal.py audit --workspace /path/to/workspace
Check Specific Skill
Check a single skill against the policy. Reports pass/fail per rule.
python3 {baseDir}/scripts/marshal.py check openclaw-warden --workspace /path/to/workspace
Generate Compliance Report
Produce a formatted, copy-pastable compliance report suitable for audit documentation.
python3 {baseDir}/scripts/marshal.py report --workspace /path/to/workspace
Quick Status
One-line summary: policy loaded, compliance score, critical violations count.
python3 {baseDir}/scripts/marshal.py status --workspace /path/to/workspace
Workspace Auto-Detection
If --workspace is omitted, the script tries:
OPENCLAW_WORKSPACEenvironment variable- Current directory (if AGENTS.md exists)
~/.openclaw/workspace(default)
What Gets Checked
| Category | Checks | Severity |
|---|---|---|
| Command Safety | Dangerous patterns (eval, exec, pipe-to-shell, rm -rf /) | CRITICAL |
| Command Policy | Blocked and review-required commands from policy | HIGH/MEDIUM |
| Network Policy | Domain allow/blocklists, suspicious TLD patterns | CRITICAL/HIGH |
| Data Handling | Secret scanner installed, PII scanner configured | HIGH/MEDIUM |
| Workspace Hygiene | .gitignore, audit trail (ledger), skill signing (signet) | HIGH/MEDIUM |
| Configuration | Debug modes, verbose logging left enabled | LOW |
Policy Format
The .marshal-policy.json file defines all rules:
- commands.allow — Permitted binaries
- commands.block — Blocked command patterns
- commands.review — Commands requiring human review
- network.allow_domains — Permitted network domains
- network.block_domains — Blocked domains
- network.block_patterns — Wildcard domain blocks (e.g.,
*.tk) - data_handling.pii_scan — Require PII scanning
- data_handling.secret_scan — Require secret scanning
- workspace.require_gitignore — Require .gitignore
- workspace.require_audit_trail — Require ledger
- workspace.require_skill_signing — Require signet
Exit Codes
0— Compliant, no issues1— Review needed (medium/high findings)2— Critical violations detected
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.