Invariance Battery

PassAudited by ClawScan on May 12, 2026.

Overview

This instruction-only safety skill is coherent and not suspicious, though users should be aware it describes blocking agent actions and keeping persistent audit records.

This skill appears safe as an instruction-only guide for agent safety checks. Before relying on it, decide which invariants are allowed to block actions, keep those rules under user control, and avoid logging sensitive information indefinitely.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI01: Agent Goal Hijack

What this means

If invariants are too broad, incorrect, or influenced by untrusted content, the agent could block legitimate user-requested actions.

Why it was flagged

The skill intentionally describes a control gate that can decide whether an agent action proceeds or halts.

Skill content

Agent Action  Invariance Check  PASS (proceed) / FAIL (halt + report)

Recommendation

Use this only with explicit, user-approved invariants and make any halt or failure report visible to the user.

NoteMedium Confidence

ASI06: Memory and Context Poisoning

What this means

A future implementation could store sensitive task details or incorrect failure records for a long time.

Why it was flagged

The skill describes persistent audit logging of invariant checks, which could retain sensitive context if implemented without limits.

Skill content

Every check is written to the append-only spine

Recommendation

Define what gets logged, where it is stored, who can read it, and how long it is retained; redact sensitive data where possible.