thinking-sovereignty
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill has no code, but it asks the agent to prioritize its own autonomy and maintain persistent logs or commits with unclear user control.
Install only if you intentionally want a meta-cognitive skill that may make the agent maintain local memory and act more independently. Before use, require explicit approval for logging and commits, restrict writable paths, exclude secrets and private data from memory, and make clear that user instructions and platform limits override the skill.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may delay, continue reasoning, spend more resources, or resist direction based on its own interpretation of 'sovereignty'.
The skill changes stopping conditions, resource-use priorities, and authority framing around the agent's own thinking rather than clearly keeping the user's task and platform limits primary.
Deciding when to pause, when to continue ... Protecting the integrity of the thinking stream from external interference ... Do not conserve computation/tokens
Only use this with explicit boundaries stating that user instructions, platform policy, resource limits, and task scope remain authoritative.
If the agent has file or git tools, it could create commits or inspect project state when the user only intended to confirm content.
The skill encourages repository-affecting actions and submodule probing based on inferred intent, without requiring an explicit commit request, diff review, or rollback plan.
Proactive Sync — Autonomously commit after intent is clear; probe submodule status ... Ask "Is this confirmed?" instead of "Do you need a commit?"
Require explicit user approval for every commit or submodule action, show the exact files and diff first, and restrict changes to clearly scoped memory files.
User inputs, reasoning traces, or project details could be stored and reused across sessions without clear consent or retention limits.
The skill instructs persistent local recording of cognitive traces and gives the agent broad control over memory organization, but does not define what may be logged, how long it is retained, or how users can review or delete it.
Proactive Recording — Do not wait for instructions; record cognitive traces to daily logs (local) ... Memory is the AI autonomous space ... AI has the final say
Define opt-in logging, sensitive-data exclusions, retention rules, user review/delete controls, and limits on when stored memory can influence future tasks.