GoldenSeed
Pass
Audited by ClawScan on May 1, 2026.
Overview
GoldenSeed appears to be a coherent reproducible-randomness helper, with the main caution that it installs an unpinned external PyPI package and makes strong statistical fairness claims.
This looks safe to treat as a reproducible-randomness utility, but install it like any third-party Python package: verify the package source, consider pinning the version, and do not use it for cryptographic or security-sensitive randomness.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may fetch the current package version resolved by pip rather than a reviewed, pinned artifact.
The skill relies on an external PyPI package installed without a version pin; this is aligned with the skill's Python-library purpose, but users should notice the dependency and provenance.
pip install golden-seed
Review the PyPI/GitHub package source before use and consider pinning a specific trusted version in a controlled environment.
A user could over-trust the generator for fairness or security-sensitive decisions if they treat the marketing claims as independently verified guarantees.
The artifact uses strong fairness/statistical language. It also clearly warns that the generator is not cryptographically secure, so this is a user-awareness note rather than a deception concern.
GoldenSeed solves all of these with **deterministic, verifiable, statistically perfect entropy**.
Use it for reproducible testing or procedural generation only, and use standard secure randomness such as `secrets` or `os.urandom()` for passwords, keys, or security tokens.
