openclaw-marshal

# OpenClaw Marshal

Define security policies for your workspace and audit compliance. Check installed skills against command, network, and data handling rules. Generate audit-ready compliance reports.

## Why This Matters

Agent workspaces accumulate skills that execute commands, access the network, and handle data. Without a defined security policy, there is no way to know whether installed skills comply with your organization's requirements — or whether your workspace itself meets basic security hygiene standards.

This skill lets you define a policy once and audit everything against it.

**Need active enforcement?** Upgrade to [openclaw-marshal-pro](https://github.com/AtlasPA/openclaw-marshal-pro) for hook-based blocking, auto-remediation, heartbeat integration, and compliance templates (GDPR, HIPAA, SOC2).

## Commands

### Initialize Policy

Create a default security policy file (`.marshal-policy.json`) with sensible defaults.

```bash
python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace
```

### Show Policy

Display the current active policy.

```bash
python3 {baseDir}/scripts/marshal.py policy --show --workspace /path/to/workspace
```

### Policy Summary

Quick overview of loaded policy rules.

```bash
python3 {baseDir}/scripts/marshal.py policy --workspace /path/to/workspace
```

### Full Compliance Audit

Audit all installed skills and workspace configuration against the active policy. Reports compliance score, violations, and recommendations.

```bash
python3 {baseDir}/scripts/marshal.py audit --workspace /path/to/workspace
```

### Check Specific Skill

Check a single skill against the policy. Reports pass/fail per rule.

```bash
python3 {baseDir}/scripts/marshal.py check openclaw-warden --workspace /path/to/workspace
```

### Generate Compliance Report

Produce a formatted, copy-pastable compliance report suitable for audit documentation.

```bash
python3 {baseDir}/scripts/marshal.py report --workspace /path/to/workspace
```

### Quick Status

One-line summary: policy loaded, compliance score, critical violations count.

```bash
python3 {baseDir}/scripts/marshal.py status --workspace /path/to/workspace
```

## Workspace Auto-Detection

If `--workspace` is omitted, the script tries:
1. `OPENCLAW_WORKSPACE` environment variable
2. Current directory (if AGENTS.md exists)
3. `~/.openclaw/workspace` (default)

## What Gets Checked

| Category | Checks | Severity |
|----------|--------|----------|
| **Command Safety** | Dangerous patterns (eval, exec, pipe-to-shell, rm -rf /) | CRITICAL |
| **Command Policy** | Blocked and review-required commands from policy | HIGH/MEDIUM |
| **Network Policy** | Domain allow/blocklists, suspicious TLD patterns | CRITICAL/HIGH |
| **Data Handling** | Secret scanner installed, PII scanner configured | HIGH/MEDIUM |
| **Workspace Hygiene** | .gitignore, audit trail (ledger), skill signing (signet) | HIGH/MEDIUM |
| **Configuration** | Debug modes, verbose logging left enabled | LOW |

## Policy Format

The `.marshal-policy.json` file defines all rules:

- **commands.allow** — Permitted binaries
- **commands.block** — Blocked command patterns
- **commands.review** — Commands requiring human review
- **network.allow_domains** — Permitted network domains
- **network.block_domains** — Blocked domains
- **network.block_patterns** — Wildcard domain blocks (e.g., `*.tk`)
- **data_handling.pii_scan** — Require PII scanning
- **data_handling.secret_scan** — Require secret scanning
- **workspace.require_gitignore** — Require .gitignore
- **workspace.require_audit_trail** — Require ledger
- **workspace.require_skill_signing** — Require signet

## Exit Codes

- `0` — Compliant, no issues
- `1` — Review needed (medium/high findings)
- `2` — Critical violations detected

## No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

## Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.