Definition
Operator controls
Deterministic controls implemented in code — outside the AI model — that govern what an agent is permitted to do. Operator controls include approval gates for high-risk actions, scoped API credentials, read-only file system access, network allowlists, and kill switches that override queued agent actions. OWASP and OpenClaw's own security documentation emphasize that operator controls are the authoritative boundary, not system prompt instructions, which can be overridden by prompt injection or context compaction.
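As an added illustration of the definition above, the following Python module implements each named control as a deterministic check that runs between the agent loop and tool execution: a network allowlist, a read-only filesystem scope, scoped credentials, an approval gate for high-risk tools, and a kill switch that drops queued calls. This is example code written for this entry, not OpenClaw's or TrustSkills' implementation; the tool names (`http_get`, `read_file`, `write_file`, `api_call`, `shell`), the `Policy` fields and the `ToolCall` shape are assumptions made for the demonstration.

```python
"""Operator controls as a policy layer in code (example, not OpenClaw's API).
Tool names, Policy fields and ToolCall are assumptions for this illustration."""
import os
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple
from urllib.parse import urlparse


class Denied(Exception):
    """Raised when a control blocks a call; nothing in the model can waive it."""


@dataclass
class ToolCall:
    tool: str
    args: Dict[str, str]


@dataclass
class Policy:
    allowed_hosts: FrozenSet[str]                  # network allowlist
    readable_roots: Tuple[str, ...]                # read-only filesystem scope (canonical paths)
    high_risk_tools: FrozenSet[str]                # tools that must pass the approval gate
    credential_scopes: Dict[str, FrozenSet[str]]   # credential name -> scopes it is issued with


class OperatorControls:
    """Enforcement point. Decisions depend only on the policy, the concrete call
    and the operator's approval function, never on prompt text."""

    def __init__(self, policy: Policy, approve: Callable[[ToolCall], bool]):
        self.policy = policy
        self.approve = approve          # operator-side gate: human click, ticket, etc.
        self.killed = False
        self.queue: List[ToolCall] = []

    def kill(self) -> int:
        """Kill switch: discard every queued call and refuse all future ones."""
        dropped = len(self.queue)
        self.queue.clear()
        self.killed = True
        return dropped

    def check(self, call: ToolCall) -> None:
        """Raise Denied unless the call passes every applicable control."""
        if self.killed:
            raise Denied("kill switch engaged")
        p = self.policy
        if call.tool == "http_get":
            host = urlparse(call.args["url"]).hostname
            if host not in p.allowed_hosts:
                raise Denied(f"host not allowlisted: {host}")
        elif call.tool == "read_file":
            # Canonicalise first so '..' segments and symlinks cannot escape a root.
            real = os.path.realpath(call.args["path"])
            roots = [r.rstrip("/") for r in p.readable_roots]
            if not any(real == r or real.startswith(r + "/") for r in roots):
                raise Denied(f"path outside readable roots: {real}")
        elif call.tool == "write_file":
            raise Denied("filesystem is read-only for this agent")
        elif call.tool == "api_call":
            granted = p.credential_scopes.get(call.args["credential"], frozenset())
            if call.args["scope"] not in granted:
                raise Denied(f"credential lacks scope {call.args['scope']}")
        elif call.tool == "shell":
            pass                        # no static rule; only the approval gate below applies
        else:
            raise Denied(f"unknown tool: {call.tool}")   # default deny
        if call.tool in p.high_risk_tools and not self.approve(call):
            raise Denied(f"operator did not approve {call.tool}")

    def allows(self, call: ToolCall) -> bool:
        try:
            self.check(call)
            return True
        except Denied:
            return False

    def submit(self, call: ToolCall) -> None:
        self.queue.append(call)

    def run(self, execute: Callable[[ToolCall], str]) -> List[Tuple[ToolCall, str]]:
        """Drain the queue, executing only calls that pass check()."""
        results: List[Tuple[ToolCall, str]] = []
        while self.queue:
            call = self.queue.pop(0)
            try:
                self.check(call)
            except Denied as e:
                results.append((call, f"denied: {e}"))
                continue
            results.append((call, execute(call)))
        return results


# Constructed sample policy for a CI helper agent (hypothetical values).
POLICY = Policy(
    allowed_hosts=frozenset({"api.example.com"}),
    readable_roots=("/srv/agent/workspace",),
    high_risk_tools=frozenset({"shell"}),
    credential_scopes={"ci-token": frozenset({"repo:read"})},
)

if __name__ == "__main__":
    ctl = OperatorControls(POLICY, approve=lambda c: c.args.get("cmd") == "ls")
    ctl.submit(ToolCall("http_get", {"url": "https://api.example.com/v1/status"}))
    ctl.submit(ToolCall("shell", {"cmd": "rm -rf /"}))
    for call, outcome in ctl.run(lambda c: "executed"):
        print(call.tool, "->", outcome)
```

The approval gate is deliberately a plain callable: whatever the operator plugs in (a human prompt, a ticket lookup) decides, and the model's own output never reaches it. Note that `readable_roots` are compared against a canonicalised path, so a request like `/srv/agent/workspace/../secrets/key` is refused even though its prefix looks permitted.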
Related terms
Excessive agency
OWASP's term (LLM06:2025) for the condition where an AI agent is granted more capabilities, permissi…
Least privilege
A security principle requiring that every component in a system — including AI agent skills — operat…
Trust boundary
A point in a system architecture where trust assumptions change — where data or control moves from a…
Direct prompt injection
A prompt injection attack where the attacker places malicious instructions directly in the input sen…