Back to skill
Skillv1.0.0
ClawScan security
LYGO Root: VΩLARIS — Prism of Judgment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:28 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent with its stated persona-advisor purpose: included docs and small local helpers match the description, it requests no credentials, and it contains no network or privileged operations in its code files.
- Guidance
- This skill appears coherent and low-risk: the files and scripts are local, small, and only perform benign checks (print/validate the SHA-256 from canon.json). No credentials are requested. The only point to watch is the verifier URL (clawhub.ai) mentioned in docs — it points to an external installer/tool that is not part of this package. If you plan to follow that link and install/use the verifier, review that external project's code or distribution source before running it. You can safely run the included self_check.py and show_hash.py locally to confirm the pack's internal consistency before taking any external installation steps.
Review Dimensions
- Purpose & Capability
- okName/description (persona helper / fork judge) align with included files: persona_pack, canon.json, equations, verifier usage, and two small Python utilities that read local files and print/validate the included hash.
- Instruction Scope
- noteSKILL.md stays on-purpose (how to invoke the persona, ask for the LYGO hash, and use receipts). It references an external verifier tool URL (https://clawhub.ai/DeepSeekOracle/lygo-mint-verifier) as a recommended utility — the skill does not itself call that endpoint, but users are directed to install/use it, which is an external action outside the skill's local scope.
- Install Mechanism
- okThere is no install spec and no archives to fetch. The included code is small and local. The only install-related element is a recommended external verifier URL in the docs; that is not executed by the skill itself but could lead users to fetch external code if they follow it.
- Credentials
- okThe skill declares no required environment variables, no credentials, and no config paths. The included scripts only read files packaged with the skill (canon.json and other references).
- Persistence & Privilege
- okSkill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings; included scripts only perform local file reads and simple checks.