Govern agent skills, MCP servers, prompts, and tool calls with DefenseClaw
Use DefenseClaw as an operator-controlled admission, runtime guardrail, sandbox, and audit layer before untrusted agent capabilities run.
npx skills add agentskillexchange/skills --skill govern-agent-skills-mcp-servers-prompts-and-tool-calls-with-defenseclaw
DefenseClaw is an agentic-AI governance toolkit from Cisco AI Defense. An operator uses its CLI, gateway sidecar, and OpenClaw plugin to scan skills, MCP servers, plugins, and generated code before admission; inspect prompts, completions, tool calls, and sandbox activity at runtime; and preserve evidence through SQLite, JSONL, OTLP, Splunk, webhooks, and TUI views.
What this skill actually does
Invoke this when a team is about to run untrusted agent capabilities, connect MCP servers, enable new skills, or promote an agent workflow into a governed environment and needs policy checks, block/allow behavior, sandbox controls, and audit trails instead of relying on informal review.
Scope boundary: this is a security-governance workflow for agent deployments, not a generic Cisco product card or a broad SDK listing. The approved skill is constrained to admission scanning, runtime guardrail enforcement, sandbox policy, and evidence capture around agent components and tool calls.
Inputs and prerequisites: DefenseClaw CLI, Go gateway sidecar, policy rules, optional OpenClaw plugin, optional OTLP/Splunk/webhook sinks.
Setup notes: follow the upstream install and quick-start docs for the Python CLI and Go gateway sidecar, run the initial health and setup checks, scan candidate skills or MCP servers in observe mode first, and enable action-mode blocking only after the policy rules have been reviewed.
Source and verification boundary: use https://cisco-ai-defense.github.io/docs/defenseclaw as the canonical reference before running the workflow; keep commands, API calls, CLI usage, and generated outputs reviewable against that upstream source.
Framework fit: publish this as a Multi-Framework workflow only when the operator can invoke the documented toolchain directly, rather than treating the upstream project as a generic product listing.