ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-self-governance

v1.1.0

Self-governance protocol for autonomous agents: WAL (Write-Ahead Log), VBR (Verify Before Reporting), ADL (Anti-Divergence Limit), and VFM (Value-For-Money)....

0· 1.1k·4 current·5 all-time
by@bowen31337
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (self-governance: WAL, VBR, ADL, VFM, IKL) align with the included scripts (wal.py, vbr.py, adl.py, vfm.py). The code implements logging, verification, divergence scoring, and cost-tracking — these are coherent with the stated purpose. Minor mismatch: SKILL.md emphasizes IKL (infrastructure/credential logging) but there is no dedicated IKL script; however, WAL/VBR can be used to record infrastructure facts, so functionality exists albeit indirectly.
!
Instruction Scope
SKILL.md instructs the agent to log infrastructure discoveries (including credentials/auth examples like SSH key paths) and to 'write before responding' — the wal/vbr scripts will persist arbitrary payloads to disk. VBR's verification implementation executes commands via subprocess.run(shell=True), meaning the skill will run arbitrary shell commands passed to it. The guidance to record credentials and hardware/service specs combined with unguarded write-and-execute behavior expands scope to collecting and storing sensitive host data and running host commands.
Install Mechanism
No install spec; instruction-only with included Python scripts. Nothing is downloaded or executed at install time, which is lower risk. The scripts will be run at runtime by the agent instead of being installed by the registry.
!
Credentials
The skill declares no required environment variables or external credentials (proportionate). However, SKILL.md explicitly suggests logging credentials and paths (e.g., SSH keys) and the scripts will persist arbitrary strings to files in the user's HOME. There is no builtin encryption or secure handling — sensitive data could be stored in plaintext under ~/clawd/memory/... without explicit safeguards, which is disproportionate to safe governance unless you intend to persist such secrets.
Persistence & Privilege
always:false and no system-level install — good. The skill writes to user-space directories (~/clawd/...) and does not modify other skills. Still, the combination of autonomous invocation (allowed by default across the platform) plus VBR’s ability to execute arbitrary shell commands and WAL’s ability to record arbitrary payloads increases the blast radius if the agent is permitted to call these scripts autonomously. The skill itself does not request elevated system privileges.
What to consider before installing
This skill implements useful governance primitives, but review and harden it before use: - Sensitive-data storage: The scripts persist entries to files under your HOME (~/clawd/...). SKILL.md explicitly suggests logging infrastructure facts and credentials; those will be written in plaintext unless you change the code. If you plan to log any secrets (SSH keys, API tokens, etc.), modify the code to encrypt or avoid storing them, or disallow the agent from recording such values. - Arbitrary command execution: vbr.py implements checks by running shell commands (subprocess.run with shell=True). That is expected for verification tasks but lets the agent execute arbitrary host commands. Only enable this skill for agents you trust and consider running in a sandboxed environment, or change run_check to whitelist permitted checks/commands. - IKL mismatch: SKILL.md references IKL and encrypted storage, but no dedicated IKL script or encryption is provided. If you need encrypted infra logging, add explicit encryption and access controls. - File permissions & retention: Ensure the WAL/VBR/VFM directories have restrictive permissions (chmod 700) and consider a retention/prune policy so sensitive entries don't persist forever. - If you are unsure: run the scripts locally in a contained test environment first, audit or modify the code (remove credential-logging instructions, disable shell execution or add strict whitelists), and avoid giving the agent autonomous permission to invoke the skill until you are comfortable with the behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97187whkv9tebjt1hxqz8kgxh815ch5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments