Enterprise Legal Guardrails Public
by @lawyered0
Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).
clawhub install enterprise-legal-guardrailsπ About This Skill
name: enterprise-legal-guardrails description: Legal/compliance guardrails for outbound OpenClaw actions (anti-spam, defamation, privacy, financial claims).
Enterprise Legal Guardrails
Use this skill to preflight bot output before posting, messaging, or publishing anything that could create legal/compliance risk.
What it is
A generic outbound guardrail checker used by workflows before execute actions such as post/comment/message/chat/send in any app.When to use
create_post, create_comment, send_message, or equivalent publish actions.Workflow
1. Draft text. 2. Run the checker with the matching action/profile. 3. If result is PASS/WATCH, proceed. 4. If REVIEW, rewrite or route for human/legal review. 5. If BLOCK, do not execute.
Use it as a shared OpenClaw outbound safety layer for any skill that publishes content. Babylon is only one current integration example, not the primary purpose of the skill.
Quick usage
python3 scripts/check_enterprise_guardrails.py \
--action post \
--app \
--policies social antispam hr \
--text "Draft text here"
python3 scripts/check_enterprise_guardrails.py \
--action comment \
--scope include \
--apps whatsapp,telegram \
--text "Draft text here"
python3 scripts/check_enterprise_guardrails.py \
--action market-analysis \
--text "Market commentary..." \
--json
App scope (global filtering)
Scope applies to any app-context passed with --app and these env vars (legacy names preserved for compatibility):
ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_SCOPE (all|include|exclude)ENTERPRISE_LEGAL_GUARDRAILS_OUTBOUND_APPS (comma-separated list)BABYLON_GUARDRAILS_SCOPEBABYLON_GUARDRAILS_OUTBOUND_SCOPEBABYLON_GUARDRAILS_APPSExamples:
all: check all outbound content.include + whatsapp,email: only check those apps.exclude + whatsapp,email,moltbook,babylon: everything except these apps.If scope is omitted, default is all.
Profiles
social: public social text, comments, announcements.antispam: unsolicited/pumping/coordinating messaging.hr: workplace, hiring, performance, or employee conduct language.privacy: personally identifying data and private information disclosures.market: market/financial claims and outcome assertions.legal: legal conclusions/implication language.If no profile is provided, defaults are derived from --action:
post|comment|message β social,legaltrade|market-analysis β market,financialgeneric β legal,socialOutput
PASS: safe to executeWATCH: low risk; optional rewriteREVIEW: human/legal review recommendedBLOCK: do not executeTuning
You can tune decision sensitivity via environment variables (or CLI flags in direct runs):
ENTERPRISE_LEGAL_GUARDRAILS_REVIEW_THRESHOLD (default: 5)ENTERPRISE_LEGAL_GUARDRAILS_BLOCK_THRESHOLD (default: 9)CLI overrides:
--review-threshold--block-thresholdLegacy aliases are supported in legacy env names: ELG_* and BABYLON_GUARDRAILS_*.
Universal outbound adapter (no-native integration path)
For skills/tools without native guardrail hooks (for example: Gmail, custom website publishing, custom message bots), run outbound operations through the wrapper:
python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py --app --action --execute --text "$DRAFT" --
Examples:
# Gmail via gog
python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py --app gmail --action message --execute --text "Hello, ..." -- gog gmail send --to user@domain.com --subject "Update" --body "Hello, ..."Website/publication publish flow
python3 /path/to/enterprise-legal-guardrails/scripts/guard_and_run.py --app website --action post --execute --text "$POST_COPY" -- npm run publish-post "$POST_COPY"
Use this wrapper to apply the same policy checks in non-Babylon outbound flows.
Compatibility
Legacy name legal-risk-checker is preserved in OpenClaw workspaces that still reference it.
References
See references/guardrail-policy-map.md for the full policy rule set and suggested rewrites.
Packaging
A distributable bundle is available at:
dist/enterprise-legal-guardrails.skillHardening controls for guard_and_run.py
For non-native outbound integrations, treat guard_and_run as an execution
boundary. Recommended flags/env:
Execution safety is allowlist-first by default. Wrapper requires explicit
--allowed-command (or env alias) unless --allow-any-command is explicitly enabled.
--allow-any-command / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND--suppress-allow-any-warning / ENTERPRISE_LEGAL_GUARDRAILS_SUPPRESS_ALLOW_ANY_WARNING--allow-any-command is intentionally enabled.
--allow-any-command-reason / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_REASONallow-any bypass invocation. Suggested format: SEC-1234: emergency fix.
--allow-any-command-approval-token / ENTERPRISE_LEGAL_GUARDRAILS_ALLOW_ANY_COMMAND_APPROVAL_TOKENallow-any bypass invocation; stored as a short token fingerprint in audit logs.
--allowed-command / ENTERPRISE_LEGAL_GUARDRAILS_ALLOWED_COMMANDS--execute / ENTERPRISE_LEGAL_GUARDRAILS_EXECUTE--strict / ENTERPRISE_LEGAL_GUARDRAILS_STRICTREVIEW to hard block.
--sanitize-env--keep-env / --keep-env-prefix --command-timeout, --checker-timeout, --max-text-bytes--audit-log / ENTERPRISE_LEGAL_GUARDRAILS_AUDIT_LOGThese flags provide execution safety, command scoping, and immutable trail for post-incident review without changing checker logic.