Sovereign Intelligence System - Equilibrium-native reasoning for OpenClaw
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: sis-skill
Version: 1.0.0
The skill bundle is classified as suspicious due to the presence of risky capabilities without clear malicious intent. Specifically, the `symbols/taxonomy.py` file contains a hardcoded `sys.path.insert(0, '/home/claude/sis')` which is a direct manipulation of the Python import path and could be exploited for arbitrary code loading if the specified path is compromised. Additionally, the `persistence/vault.py` module implements a `FileVault` that performs local file system I/O (e.g., `os.makedirs`, `open`, `json.dump`) and declares an unimplemented `PostgresVault` that imports `psycopg2`, indicating an intent for network/database interaction. While these capabilities are plausibly related to the skill's stated purpose of 'persistence' and 'computational substrate', the `sys.path.insert` in particular represents a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill is imported or invoked, it may use unreviewed local Python modules instead of the reviewed bundled code, causing unpredictable behavior.
The module prepends an absolute local path before importing core code, so if that path exists it can take precedence over the bundled skill files and load code that was not part of this review.
import sys
sys.path.insert(0, '/home/claude/sis')
from core.symbol import SISSymbol, Layer
Remove the hard-coded `sys.path` modification and use package-relative imports (such as `from .`), or import from the bundled core package only.
Data supplied to the skill could be retained locally if the file vault backend is used.
The skill includes an optional local persistence backend that can write symbol values and state records to disk.
class FileVault(VaultBackend):
    """File-based vault using JSON (simple persistence)"""
    def __init__(self, path: str = "./nexuseternal_vault"):
        self.path = path
        os.makedirs(path, exist_ok=True)
Use the in-memory backend for sensitive work, or clearly choose and review the vault path, retention, and contents before enabling file persistence.
A user might rely on the skill as a stronger correctness or safety guarantee than the reviewed code supports.
The skill presents strong safety and consistency guarantees that users may over-trust, while the artifacts primarily show a symbolic validation framework rather than an enforcement boundary for all OpenClaw operations.
S.I.S.: Operations that violate equilibrium constraints **cannot execute**.
Treat the equilibrium framework as an advisory reasoning aid, not as a security, correctness, or policy-enforcement guarantee.
