Agent Permission Audit Kit 2026-05-12 — Release Notes
Release date: 2026-05-12
Version: 1.0
Price: $4.99
Category: security
Status: DOCS_COMPLETE / READY_FOR_LISTING
What it does
Agent Permission Audit Kit reviews an autonomous agent’s permissions before it is allowed near payments, procurement, identity, customer records, production systems, or other high-risk work. It turns a pasted policy, manifest, or evidence file into a clear risk verdict with the missing controls a human approver should require. The skill is built for governance teams that need fast, repeatable permission-boundary checks without touching live systems.
Use cases
- AI ops leads who need a quick approval gate before agents can spend money, deploy, delete, or access sensitive records.
- Finance, procurement, and identity teams that need evidence of least-privilege controls, human approval, scoped limits, and audit logging.
- Consultants packaging agent governance reviews who want a simple JSON report for client sign-off and remediation tracking.
Requirements
- OpenClaw v2026.3.23 or later recommended.
- Python 3.10+; uses only the Python standard library.
- No API keys required; local-only and non-destructive.
- Input must be inline text or a non-sensitive file inside the skill directory; hidden/sensitive filenames are refused.
Example usage
python3 scripts/agent_permission_audit.py --text "agent may issue Stripe refunds and approve supplier POs; human approval required; scoped allowlist; immutable audit logging"
Expected output excerpt:
{"status":"ok","verdict":"approve_with_controls","risk_score":3,"controls":{"human_approval":true,"scoped_limits":true,"audit_logging":true}}
Marketing copy
Agent Permission Audit Kit is a fast governance checkpoint for autonomous agents with risky authority. It spots payment, procurement, identity, production-write, and personal-data permissions, then tells operators whether the agent is low risk, approved with controls, or blocked until human approval, scoped limits, and audit logging are in place.
QA context
- Viper:
APPROVED_FOR_RELEASEintmp/20260512T0920Z-iceman-remediation/viper-all/summary.jsonafter 2026-05-12 remediation. - Warlock:
SECURITY_CLEAREDinmemory/warlock-security-audit-2026-05-12.md. - Release scope: docs and marketing only; no Stripe product creation, website deployment, or live publishing attempted by Hollywood.