🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Enterprise Legal Guardrails Public

by @lawyered0

Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).

Versionv1.0.20
Downloads1,871
Stars⭐ 2
Comments2
TERMINAL
clawhub install enterprise-legal-guardrails

πŸ“– About This Skill


name: enterprise-legal-guardrails description: Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).

Enterprise Legal Guardrails

Use this skill to preflight bot output before posting, messaging, or publishing anything that could create legal/compliance risk.

What it is

A generic outbound guardrail checker used by workflows before execute actions such as post/comment/message/chat/send in any app.

When to use

  • Before create_post, create_comment, send_message, or equivalent publish actions.
  • Before market-related commentary, strategy claims, or price/certainty statements.
  • Before HR-sensitive or workplace-adjacent messaging.
  • Before anti-spam or coordination-heavy communications.
  • Before handling or exposing personal identifiers.
  • Workflow

    1. Draft text. 2. Run the checker with the matching action/profile. 3. If result is PASS/WATCH, proceed. 4. If REVIEW, rewrite or route for human/legal review. 5. If BLOCK, do not execute.

    Use it as a shared OpenClaw outbound safety layer for any skill that publishes content. Babylon is only one current integration example, not the primary purpose of the skill.

    Quick usage

    python3 scripts/check_enterprise_guardrails.py \
      --action post \
      --app  \
      --policies social antispam hr \
      --text "Draft text here"
    

    python3 scripts/check_enterprise_guardrails.py \
      --action comment \
      --scope include \
      --apps whatsapp,telegram \
      --text "Draft text here"
    

    python3 scripts/check_enterprise_guardrails.py \
      --action market-analysis \
      --text "Market commentary..." \
      --json
    

    App scope (global filtering)

    Scope applies to any app-context passed with --app and these env vars (legacy names preserved for compatibility):

  • ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_SCOPE (all|include|exclude)
  • ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_APPS (comma-separated list)
  • BABYLON_GUARDRAILS_SCOPE
  • BABYLON_GUARDRAILS_OUTBOUND_SCOPE
  • BABYLON_GUARDRAILS_APPS
  • Examples:

  • all: check all outbound content.
  • include + whatsapp,email: only check those apps.
  • exclude + whatsapp,email,moltbook,babylon: everything except these apps.
  • If scope is omitted, default is all.

    Profiles

  • social: public social text, comments, announcements.
  • antispam: unsolicited/pumping/coordinating messaging.
  • hr: workplace, hiring, performance, or employee conduct language.
  • privacy: personally identifying data and private information disclosures.
  • market: market/financial claims and outcome assertions.
  • legal: legal conclusions/implication language.
  • If no profile is provided, defaults are derived from --action:

  • post|comment|message β†’ social,legal
  • trade|market-analysis β†’ market,financial
  • generic β†’ legal,social
  • Output

  • PASS: safe to execute
  • WATCH: low risk; optional rewrite
  • REVIEW: human/legal review recommended
  • BLOCK: do not execute
  • Tuning

    You can tune decision sensitivity via environment variables (or CLI flags in direct runs):

  • ENTERPRISE_LEGAL_GUARDRAILS_REVIEW_THRESHOLD (default: 5)
  • ENTERPRISE_LEGAL_GUARDRAILS_BLOCK_THRESHOLD (default: 9)
  • CLI overrides:

  • --review-threshold
  • --block-threshold
  • Legacy aliases are supported in legacy env names: ELG_* and BABYLON_GUARDRAILS_*.

    Universal outbound adapter (no-native integration path)

    For skills/tools without native guardrail hooks (for example: Gmail, custom website publishing, custom message bots), run outbound operations through the wrapper:

    python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app    --action  --execute --text "$DRAFT"   -- 
    

    Examples:

    # Gmail via gog
    python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py   --app gmail --action message --execute --text "Hello, ..."   -- gog gmail send --to user@domain.com --subject "Update" --body "Hello, ..."

    Website/publication publish flow

    python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py --app website --action post --execute --text "$POST_COPY" -- npm run publish-post "$POST_COPY"

    Use this wrapper to apply the same policy checks in non-Babylon outbound flows.

    Compatibility

    Legacy name legal-risk-checker is preserved in OpenClaw workspaces that still reference it.

    References

    See references/guardrail-policy-map.md for the full policy rule set and suggested rewrites.

    Packaging

    A distributable bundle is available at:

  • dist/enterprise-legal-guardrails.skill
  • Hardening controls for guard_and_run.py

    For non-native outbound integrations, treat guard_and_run as an execution boundary. Recommended flags/env:

    Execution safety is allowlist-first by default. Wrapper requires explicit --allowed-command (or env alias) unless --allow-any-command is explicitly enabled.

  • --allow-any-command / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND
  • - Explicitly bypass allowlist enforcement (unsafe; audit-first use only).
  • --suppress-allow-any-warning / ENTERPRISE_LEGAL_GUARDRAILS_SUPPRESS_ALLOW_ANY_WARNING
  • - Suppresses the runtime safety warning when --allow-any-command is intentionally enabled.
  • --allow-any-command-reason / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_REASON
  • - Mandatory rationale for any allow-any bypass invocation. Suggested format: SEC-1234: emergency fix.
  • --allow-any-command-approval-token / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_APPROVAL_TOKEN
  • - Mandatory approval token for any allow-any bypass invocation; stored as a short token fingerprint in audit logs.
  • --allowed-command / ENTERPRISE_LEGAL_GUARDRAILS_ALLOWED_COMMANDS
  • - Allow-list executables (supports comma/space lists and wildcards).
  • --execute / ENTERPRISE_LEGAL_GUARDRAILS_EXECUTE
  • - Enables execution after guard checks. Without this flag, runs are validation-only.
  • --strict / ENTERPRISE_LEGAL_GUARDRAILS_STRICT
  • - Escalate REVIEW to hard block.
  • --sanitize-env
  • --keep-env / --keep-env-prefix
  • --command-timeout, --checker-timeout, --max-text-bytes
  • --audit-log / ENTERPRISE_LEGAL_GUARDRAILS_AUDIT_LOG
  • These flags provide execution safety, command scoping, and immutable trail for post-incident review without changing checker logic.

    ⚑ When to Use

    TriggerAction
    - Before market-related commentary, strategy claims, or price/certainty statements.
    - Before HR-sensitive or workplace-adjacent messaging.
    - Before anti-spam or coordination-heavy communications.
    - Before handling or exposing personal identifiers.