Back to skill
Skillv1.0.0
ClawScan security
LYGO Champion: OMNIΣIREN — Silent Storm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only persona helper (advisor) whose files are internally consistent with its stated purpose and do not request credentials, install software, or perform network exfiltration.
- Guidance
- This is a persona/helper pack (advisor only) and appears internally consistent. Before trusting its guidance: (1) Inspect or run scripts/self_check.py and scripts/show_hash.py locally to confirm the included canon hash and that required files are present; (2) Do not grant the skill any automated control over systems—it should remain advisory; (3) If you plan to use the referenced external 'lygo-mint-verifier' tool, review that website and its installer separately (treat it like any third-party binary); (4) Be cautious about following any wording that suggests irreversible actions—those are rhetorical here, not actual code, but real-world irreversible operations should be gated by human oversight.
Review Dimensions
- Purpose & Capability
- okName/description (persona for collapse-threshold assessment and risk framing) match the included files: SKILL.md, persona pack, canon.json and two small local helper scripts. Nothing in the manifest or code requires unrelated capabilities (no cloud creds, no binaries).
- Instruction Scope
- noteSKILL.md stays within persona/advice scope. It references a verifier tool URL (https://clawhub.ai/DeepSeekOracle/lygo-mint-verifier) and contains evocative activation phrasing (e.g., 'Upload the seal to your terminal')—these are advisory/ceremonial rather than executable instructions. Recommend verifying any external verifier before using; the skill itself does not invoke remote endpoints.
- Install Mechanism
- okNo install spec is provided (instruction-only). There are two small local Python scripts that only read included files; nothing is downloaded or extracted from external, untrusted URLs by the skill itself.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. The included scripts only read local files from the skill tree (canon.json, persona_pack.md, etc.).
- Persistence & Privilege
- okalways is false, no install takes place, and the skill does not request or attempt to modify other skills or system-wide settings. It does not request persistent presence or elevated privileges.