chitin-moat
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent channel-permission policy helper with no evidence of exfiltration or destructive code, but users should carefully configure any channel marked as fully trusted.
This skill appears safe to install if you want channel-based permission boundaries. Before relying on it, carefully edit the channel IDs, keep unknown channels at observer or guarded, assign sovereign only to a verified owner surface, and protect the trust config and AGENTS.md from unauthorized changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you mark the wrong channel or identity as sovereign, the agent may treat that surface as fully authorized.
The skill's trust model grants full authority to channels or identities configured as sovereign. This is central to the skill's purpose, but a mistaken owner ID or channel mapping could give excessive authority.
| 0 | `sovereign` | Full autonomy (1:1 with verified owner) |
Only assign sovereign to a verified owner DM or equivalent private surface, keep unknown defaults at observer/guarded, and re-run the validator/audit after changes.
Unauthorized edits to the trust config or related workspace instructions could loosen or misdirect the agent's permission boundaries.
The workspace trust configuration is persistent and will influence future agent decisions. If modified by an unintended party, it could change permission outcomes.
Create `chitin-trust-channels.yaml` in the agent workspace root
Store the config where only trusted maintainers can edit it, review changes, and avoid allowing non-sovereign channels to modify trust settings.
Installation may fail or behave differently if Python or the YAML library is missing or supplied from an untrusted environment.
Setup relies on user-run local Python scripts, while the registry metadata declares no required binaries or install spec. This is not suspicious by itself, but the dependency should be understood before use.
Run the validator: `python3 scripts/validate_config.py chitin-trust-channels.yaml`
Run the scripts manually from the reviewed package contents and ensure Python/PyYAML are installed from trusted sources.
