ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Discipline

v1.0.1

Guarantee instruction compliance with root cause analysis, flow verification, and automated validators that make future failures impossible.

0· 388·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (enforcing instruction compliance, root-cause, validators) match the actual content: the skill is instruction-only and describes creating local rule files, logs, and executable validators. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md instructs the agent to create ~/self-discipline/, store rules, logs, and validator scripts, and (with explicit permission) suggest edits to AGENTS.md/HEARTBEAT.md so rules are reachable. These are within scope for a 'discipline' skill, but they involve modifying user-visible files and creating executables — the skill's setup doc says it will ask for consent and show exact edits before changing other files.
Install Mechanism
No install spec or external downloads; instruction-only skill. Example validators are provided as plain scripts in the docs (no automatic fetch/install). This is low-risk from an install standpoint.
Credentials
The skill declares no required env vars or credentials. Validators read local files (staged git files, message content, ~/self-discipline/rules.md) and reference protected paths (e.g., ~/.ssh, /etc) to block dangerous deletions. Access is local and explained in 'security manifest' comments in the templates — proportionate but worth reviewing before authorizing creation/execution of scripts that touch sensitive paths.
Persistence & Privilege
always is false (normal). The skill may ask to add references to AGENTS.md or HEARTBEAT.md to ensure rules are loaded on session start; doing so increases the skill's effective persistence across agent sessions but the setup instructions state user confirmation and backups are required before edits. Consider this an intentional persistence mechanism that relies on user approval.
Assessment
This skill is internally consistent with its stated purpose, but it will create files and executable validators in your home directory and may propose edits to AGENTS.md or heartbeat files so rules are actually loaded. Before installing or granting permission: 1) Confirm you want ~/self-discipline/ created and review the exact files the skill will write. 2) Inspect any validator scripts (pre-send, pre-commit, pre-action) before making them executable — they run locally and can block actions; ensure their behavior is acceptable. 3) If the skill requests edits to AGENTS.md/HEARTBEAT.md, ask to see the exact diffs and make backups. 4) Keep validators under version control and test them manually first. 5) If you don’t want the skill to influence other agent sessions, decline edits to AGENTS.md/heartbeat or keep activation_mode set to manual. If you want additional assurance, paste the actual validator scripts here and ask for a line-by-line review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97canm9kx1ahzw4msrv5wpz0981v8a3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

⚔️ Clawdis
OSLinux · macOS · Windows

Comments