Agent Permission Audit Kit v1.0
Released: 2026-05-11
Price: $4.99
Category: security
QA Status: APPROVED_FOR_RELEASE / SECURITY_CLEARED
Audit AI agent permissions, tool access, escalation boundaries, approval requirements, and liability controls before agents touch payments, identity, procurement, benefits, files, or production systems.
What it does
This OpenClaw skill provides a local, evidence-first workflow for agent permission audit kit use cases. It is packaged for GetAgentIQ marketplace distribution and designed to run without exposing credentials or modifying OpenClaw configuration.
Usage
openclaw skill run agent-permission-audit-kit
Refer to the packaged SKILL.md for exact script arguments and examples.
Security & QA
- Viper QA: APPROVED_FOR_RELEASE on 2026-05-11.
- Warlock security: SECURITY_CLEARED on 2026-05-11.
- Sensitive paths and credential-like outputs are refused or redacted where applicable.
- No
/root/.openclaw/openclaw.jsonchanges were made for this release.
Source summary
---
name: agent-permission-audit-kit
description: Audit AI agent permissions, tool access, escalation boundaries, approval requirements, and liability controls before agents touch payments, identity, procurement, benefits, files, or production systems.
---
# Agent Permission Audit Kit
Use this skill to review whether an agent has excessive permissions or unclear human approval boundaries.
## Workflow
1. Collect the agent manifest, tool list, system prompt summary, runtime role, and allowed external actions.
2. Run `python skills/agent-permission-audit-kit/scripts/agent_permission_audit.py --manifest agent.json --json`.
3. Review risk categories: money movement, identity, procurement, public posting, destructive shell, unrestricted filesystem, credentials, and external network.
4. Convert findings into an approval matrix: allowed, approval-required, prohibited.
5. Do not grant permissions; only recommend changes for the owner to approve.
## Parameters
- `--manifest`: JSON file to audit.
- `--dir`: directory containing JSON manifests.
- `--json`: emit JSON.
- `--self-test`: built-in smoke test.