Signet Guardian: Payment Policy Firewall for AI Agents - Openclaw Skills

Author: Internet

2026-03-29


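What is Signet Guardian?

Signet Guardian is a policy middleware designed to govern financial transactions initiated by AI agents. Acting as the gatekeeper, it ensures that every payment action complies with user-defined rules, including per-transaction limits, monthly budgets and merchant blocklists. The skill provides a centralized source of truth for financial safety, preventing autonomous agents from exceeding their authority or making unauthorized purchases.

Integrating this tool into your Openclaw Skills suite creates a standardized contract for money operations. Other payment-capable tools must route through Signet Guardian to perform a preflight check and post-payment logging. With this architecture, developers and users know that a programmable firewall is actively monitoring and limiting agent-driven spending in real time.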

Download: https://github.com/openclaw/skills/tree/main/skills/rafalzacher1/signet-guardian

Installation and Download

1. ClawHub CLI

The fastest way to install the skill directly from the source.

npx clawhub@latest install signet-guardian

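2. Manual installation

Copy the skill folder to one of the following locations:

Global: ~/.openclaw/skills/
Workspace: /skills/

Priority: workspace > local > built-in

3. Prompt installation

Copy this prompt into OpenClaw to install automatically.

Please help me install signet-guardian using Clawhub. If Clawhub is not yet installed, install it first (npm i -g clawhub).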

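Signet Guardian Use Cases

  • Prevent AI agents from exceeding a monthly subscription budget.
  • Require manual human confirmation for any transaction above a specific amount threshold.
  • Block automated workflows from paying specific merchants or untrusted services.
  • Maintain a centralized, immutable audit trail of all successful and denied payment attempts for compliance.
  • Enforce currency consistency across multiple agent-driven financial tasks to avoid exchange-rate conversion errors.

How Signet Guardian Works

  1. A payment-capable skill issues a preflight request with the signet-preflight command to check the amount, currency and payee.
  2. Signet Guardian evaluates the request against the current policy and returns ALLOW, DENY or CONFIRM_REQUIRED.
  3. If confirmation is required, the agent must pause and obtain the user's explicit consent before continuing with the transaction.
  4. After the payment has executed successfully, the calling skill invokes signet-record to formally record the transaction.
  5. The system performs a final check of the monthly cap under a file lock, to ensure budget integrity before appending to the ledger.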

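Signet Guardian Configuration Guide

To get started, make sure your references directory contains a valid policy file. You can use the built-in wizard to configure your spending limits and currency settings.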

signet-policy --wizard

You can also edit the policy manually or view the current settings to make sure they match your Openclaw Skills environment:

signet-policy --show
signet-policy --edit

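Make sure the other skills in your deployment are configured to call signet-preflight before any financial interaction, so that the security protocol is maintained.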

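Signet Guardian Data Architecture and Taxonomy

Signet Guardian manages two main data structures: the policy configuration and the transaction ledger. The ledger is stored in strict JSONL format to ensure high-performance logging and auditability.

| File | Format | Description |
|---|---|---|
| policy.json | JSON | Contains the master switch, transaction limits and merchant rules. |
| ledger.jsonl | JSONL | Append-only audit trail recording all preflight decisions and recorded payments. |

Each ledger entry includes a timestamp (ISO 8601), the caller skill name, an optional idempotency key, the transaction status (completed or denied), the amount, and the payment purpose.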

name: signet-guardian
description: "Payment guard middleware for AI agents. Use whenever any skill is about to initiate a payment. Runs a preflight check against the user's policy (payments enabled, per-transaction limit, monthly cap). Returns ALLOW, DENY, or CONFIRM_REQUIRED. Other payment-capable skills must call signet-preflight before proceeding and signet-record after a successful payment."
metadata: {"openclaw":{"emoji":"???","homepage":"https://getsignet.xyz"}}

Signet Guardian — Payment Guard Middleware

Overview

Signet Guardian is a policy firewall for money actions. It does not intercept payments at runtime by itself; payment-capable skills must route through it by contract:

  1. Before any payment: call signet-preflight (amount, currency, payee, purpose).
  2. If result is ALLOW or CONFIRM_REQUIRED (and user has confirmed): the skill may proceed.
  3. If result is DENY: do not proceed; tell the user the reason.
  4. After a successful payment: call signet-record to append to the ledger.

This gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).

Concurrency: Preflight is advisory (no lock). Record enforces the monthly cap under a file lock ({baseDir}/references/.ledger.lock): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.

Currency: No FX conversion. The request currency must match the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined.

Policy (user configuration)

Source of truth: OpenClaw config first (signet.policy in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to {baseDir}/references/policy.json. OpenClaw sets {baseDir} via OPENCLAW_SKILL_DIR or OPENCLAW_BASE_DIR.

| Field | Meaning |
|---|---|
| paymentsEnabled | Master switch. If false, all payments are denied. |
| maxPerTransaction | Max amount allowed for a single transaction (e.g. 20). |
| maxPerMonth | Max total spend in the current calendar month (e.g. 500). |
| currency | ISO currency code (e.g. GBP, USD). Request currency must match. |
| requireConfirmationAbove | Above this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5). |
| blockedMerchants | Optional list of substrings; payee matching any is denied. |
| allowedMerchants | Optional; if non-empty, only payees matching one of these are allowed. |
| version | Optional number for future policy migrations. |

Default behaviour: If the policy file is missing or invalid, preflight returns DENY (default-deny).

Commands

signet-preflight

Run before initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.

signet-preflight --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription"

Optional:

  • --idempotency-key "unique-key" — Used when recording later to avoid duplicate ledger entries.
  • --caller-skill "skill-name" — Name of the skill invoking the guard (for audit).

Output (JSON):

  • { "result": "ALLOW", "reason": "Within policy" } — Proceed with the payment.
  • { "result": "CONFIRM_REQUIRED", "reason": "..." } — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)
  • { "result": "DENY", "reason": "..." } — Do not proceed. Notify the user.

Every DENY is logged to the audit trail.

Exit code: 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY.
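
The preflight rules above can be read as a single decision function. The following is an added sketch, not Signet Guardian's own code: the order of checks, the case-insensitive substring match, the function names and every reason string except "Within policy" are assumptions, and the sample policy is constructed from the example values quoted on this page.

```python
NUMERIC = ("maxPerTransaction", "maxPerMonth")

def policy_ok(policy):
    """True only for a dict carrying the fields the checks below rely on."""
    return (isinstance(policy, dict)
            and isinstance(policy.get("paymentsEnabled"), bool)
            and isinstance(policy.get("currency"), str)
            and all(isinstance(policy.get(k), (int, float)) for k in NUMERIC))

def matches(payee, patterns):
    """Substring match; comparing case-insensitively is an assumption."""
    return any(p.lower() in payee.lower() for p in patterns or [])

def preflight(policy, month_spent, amount, currency, payee):
    """Return (result, reason) for one payment request."""
    if not policy_ok(policy):
        return "DENY", "Policy missing or invalid"  # default-deny
    if not policy["paymentsEnabled"]:
        return "DENY", "Payments disabled"
    if currency != policy["currency"]:
        return "DENY", "Currency mismatch"  # no FX conversion is attempted
    if not amount > 0:  # written this way so NaN is rejected too
        return "DENY", "Amount must be greater than zero"
    if amount > policy["maxPerTransaction"]:
        return "DENY", "Exceeds per-transaction limit"
    if month_spent + amount > policy["maxPerMonth"]:
        return "DENY", "Would exceed monthly cap"
    if matches(payee, policy.get("blockedMerchants")):
        return "DENY", "Payee is blocked"
    allowed = policy.get("allowedMerchants")
    if allowed and not matches(payee, allowed):
        return "DENY", "Payee not on allow list"
    threshold = policy.get("requireConfirmationAbove")
    if threshold is not None and amount > threshold:
        return "CONFIRM_REQUIRED", "Above confirmation threshold"
    return "ALLOW", "Within policy"

# Constructed sample policy (values taken from the examples on this page).
POLICY = {"paymentsEnabled": True, "maxPerTransaction": 20, "maxPerMonth": 500,
          "currency": "GBP", "requireConfirmationAbove": 5,
          "blockedMerchants": ["casino"], "allowedMerchants": []}
```

Because this check runs without the ledger lock, two concurrent callers can both pass the monthly test; the definitive cap check is the one made at record time.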

signet-record

Call after a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.

Record validation scope: signet-record re-checks only currency and monthly cap (under lock). It does not re-check paymentsEnabled or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at preflight (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.

signet-record --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription" --idempotency-key "sub-123"

Optional: --caller-skill "skill-name" for audit.

If the same idempotency-key was already recorded, the command is a no-op (idempotent).
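
The record-time behaviour described above (exclusive lock, idempotency no-op, cap re-check, append) can be sketched as follows. This is an added example, not the project's implementation: the function names, the returned status strings and the use of POSIX flock are assumptions, and race() is a constructed demo that runs in a temporary directory.

```python
import fcntl, json, os, tempfile, threading
from datetime import datetime, timezone

def record(base_dir, policy, entry):
    """Append one completed payment to ledger.jsonl; return a status string."""
    refs = os.path.join(base_dir, "references")
    os.makedirs(refs, exist_ok=True)
    ledger = os.path.join(refs, "ledger.jsonl")
    if entry["currency"] != policy["currency"]:
        return "currency_mismatch"
    key = entry.get("idempotencyKey")
    with open(os.path.join(refs, ".ledger.lock"), "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # held until the lock file is closed
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        spent = 0
        if os.path.exists(ledger):
            with open(ledger) as fh:
                rows = [json.loads(line) for line in fh if line.strip()]
            for row in rows:
                if row.get("status") != "completed":
                    continue  # denied rows are audit-only, never spend
                if key and row.get("idempotencyKey") == key:
                    return "duplicate"  # same key already recorded: no-op
                if row["ts"][:7] == ts[:7]:  # same UTC calendar month (YYYY-MM)
                    spent += row["amount"]
        if spent + entry["amount"] > policy["maxPerMonth"]:
            return "cap_exceeded"  # refused; the payment itself already happened
        with open(ledger, "a") as fh:
            fh.write(json.dumps({"ts": ts, "status": "completed", **entry}) + "\n")
        return "recorded"

def race(workers, amount, cap):
    """Constructed demo: `workers` threads record concurrently; return the outcomes."""
    policy, results = {"currency": "GBP", "maxPerMonth": cap}, []
    with tempfile.TemporaryDirectory() as base:
        def one(i):
            results.append(record(base, policy, {
                "amount": amount, "currency": "GBP", "payee": "shop.example.com",
                "purpose": "Subscription", "idempotencyKey": f"order-{i}"}))
        threads = [threading.Thread(target=one, args=(i,)) for i in range(workers)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
    return sorted(results)
```

Reading, checking and appending all happen inside the same lock, so ten concurrent callers at 100 each against a cap of 500 yield exactly five ledger lines.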

signet-report

Shows spending and transaction history for the user.

signet-report --period today
signet-report --period month

signet-policy

Show, edit, or configure policy via wizard.

signet-policy --show    # Print current policy (config, then file)
signet-policy --edit    # Open policy.json in $EDITOR
signet-policy --wizard  # Interactive step-by-step setup (no JSON)
signet-policy --migrate-file-to-config  # One-time: copy file policy into OpenClaw config

Audit (ledger and deny log)

Ledger file: {baseDir}/references/ledger.jsonl. Format is strict JSONL: one JSON object per line, newline-separated (no space between entries). Each line contains:

  • ts — Timestamp UTC (ISO 8601).
  • callerSkill — Optional; skill that invoked preflight/record.
  • idempotencyKey — Optional; dedupe key for record.
  • status — completed or denied.
  • reason — Decision reason (especially for denials).
  • Plus: amount, currency, payee, purpose.

All preflight denials are appended to the same ledger with status: "denied" and a reason.

Critical Rules (for the agent)

  1. Never skip preflight — Any payment from any skill must go through signet-preflight first. No exceptions.
  2. Respect DENY — If preflight returns DENY, do not attempt the payment. Tell the user the reason.
  3. CONFIRM_REQUIRED — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call signet-record.
  4. Always record success — After a successful payment, call signet-record with the same amount, currency, payee, purpose, and idempotency key (if used).
  5. Idempotency — For critical flows, use a stable --idempotency-key (e.g. order ID or request ID) so retries do not double-count in the monthly total.
  6. Default-deny — If the policy file is missing or corrupt, the skill denies by default.
  7. Record is authoritative for cap only — The monthly cap is enforced when recording (under lock). If signet-record fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future authorize (reservation under lock) then settle (convert reservation to completed) pattern can reserve budget before the payment is made.
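
The contract from the Overview and the rules above, seen from the calling skill's side, as an added example that is not part of the skill's own code. Assumptions: the preflight JSON is written to stdout, signet-record exits non-zero when it refuses, and pay, confirm, the req keys and stub() are hypothetical names introduced here (stub() is a constructed stand-in for the two CLIs so the flow runs offline).

```python
import json
import subprocess

def guarded_pay(req, pay, confirm, run=subprocess.run):
    """Route one payment through the guard and return (status, detail)."""
    args = ["--amount", str(req["amount"]), "--currency", req["currency"],
            "--payee", req["payee"], "--purpose", req["purpose"],
            "--idempotency-key", req["key"], "--caller-skill", req["skill"]]
    pre = run(["signet-preflight", *args], capture_output=True, text=True)
    try:
        verdict = json.loads(pre.stdout)
    except ValueError:
        verdict = {}
    if not isinstance(verdict, dict):
        verdict = {}
    result = verdict.get("result")
    # Fail closed: DENY, a non-zero exit or unparsable output stops the payment.
    if pre.returncode != 0 or result not in ("ALLOW", "CONFIRM_REQUIRED"):
        return "denied", verdict.get("reason", "preflight failed")
    if result == "CONFIRM_REQUIRED" and not confirm(req, verdict.get("reason", "")):
        return "declined", "user did not confirm"
    pay(req)  # expected to raise on failure, so a failed payment is never recorded
    rec = run(["signet-record", *args], capture_output=True, text=True)
    if rec.returncode != 0:
        # Money has already moved: report it, never retry the payment itself.
        return "paid_unrecorded", rec.stderr.strip() or rec.stdout.strip()
    return "paid", verdict.get("reason", "")

def stub(result, record_rc=0):
    """Constructed stand-in for signet-preflight and signet-record."""
    def run(cmd, **kwargs):
        if cmd[0] == "signet-preflight":
            out = json.dumps({"result": result, "reason": "constructed"})
            return subprocess.CompletedProcess(cmd, 1 if result == "DENY" else 0, out, "")
        return subprocess.CompletedProcess(cmd, record_rc, "", "monthly cap exceeded")
    return run
```

The "paid_unrecorded" outcome corresponds to rule 7: the ledger refused the entry after the money moved, so the caller must tell the user instead of retrying.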

First Run

On first use, the user must have a valid {baseDir}/references/policy.json. Run signet-policy --show to see current policy; if missing, create it (e.g. via signet-policy --edit) with at least:

  • paymentsEnabled: true/false
  • maxPerTransaction: number
  • maxPerMonth: number
  • currency: e.g. "GBP"
  • requireConfirmationAbove: number (e.g. 5)

Ledger lives at {baseDir}/references/ledger.jsonl; no extra setup required.