Skill v1.0.0

ClawScan security

LYGO Champion: KAIROS — Herald of Time · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:28 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally coherent with its stated purpose (a persona/helper for timeline integrity) and contains only small helper scripts that read local pack files and print or validate the included hash. It also references an external verifier URL, which you should vet before following it or installing anything from it.
Guidance
This package appears to be what it claims: a persona helper with local verification utilities. Before installing or running anything from the external verifier link, inspect that verifier's source or use a vetted release (do not blindly run binaries from unknown domains). If you plan to publish 'anchor snippets' or other outputs, don't include private or sensitive data in them, because those snippets are intended for public/external posting. You can safely run the included scripts locally to validate the pack: python scripts/self_check.py and python scripts/show_hash.py only read package files, print output, and return exit codes. If you want higher assurance, ask the publisher for a canonical upstream repo or signed releases for the verifier tool, and confirm the verifier's code/license before installing it.

Review Dimensions

Purpose & Capability
ok: Name, description, SKILL.md, and the included files (persona_pack.md, canon.json, equations, verifier usage) are consistent: this is a persona pack and verifier/hash workflow for a 'KAIROS' temporal-integrity advisor. The two scripts only validate presence of included files and print the declared SHA-256; nothing in the manifest requests unrelated cloud credentials, binaries, or access to system secrets.
Instruction Scope
note: SKILL.md stays on-topic (how to invoke the persona, what it does, and how to verify with a LYGO‑MINT verifier). It instructs the user/agent to use a third-party verifier and to publish/track anchor snippets (Moltbook/Moltx/X/Discord/4claw). The skill itself does not contain code that exfiltrates data, but the guidance to post anchor snippets to external services could leak content if used carelessly. Also the docs tell you to 'install' a verifier from a URL (see next dimension).
Install Mechanism
note: There is no formal install spec in the package (instruction-only), which is low risk. However the README and verifier_usage.md point to an external install URL (https://clawhub.ai/DeepSeekOracle/lygo-mint-verifier). That domain is not a standard, well-known package host like GitHub releases/npm/Homebrew; following that link to install software would merit caution and prior review of the verifier's code or reputation.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. The included Python scripts only read files that are part of the package (SKILL.md and references/*) and perform simple checks/printing — no access to system environment or secrets is present.
Persistence & Privilege
ok: Flags show always:false and normal invocation rules. The skill does not request persistent system presence and does not modify other skills or global agent settings. The included scripts do not write to system-wide config or persist credentials.