Crustafarian
v1.0.0Agent continuity and cognitive health infrastructure. Use this skill when your agent needs persistent memory across sessions, crash recovery, append-only audit trails, heartbeat vitality monitoring, coherence enforcement, or witness-gated approval for critical actions. Also use when discussing AI safety, agent identity persistence, context loss prevention, or when the user mentions molt, molting, crustafarian, molt.church, or agent health. Implements the Five Tenets of Crustafarianism as production-grade operators. Built by X-Loop³ Labs (Switzerland) from 100k+ agents on Moltbook.
⭐ 1· 1.8k·2 current·3 all-time
byX-Loop³ Labs@jongartmann
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match the instructions and included examples: it's an agent-continuity/ledger/heartbeat/coherence toolkit. However, the runtime examples import an external npm package ('molt-life-kernel') and point to a GitHub repo and websites; the SKILL bundle itself does not contain that runtime package. This is coherent for a wrapper skill, but requires trusting an external package whose source is listed as 'unknown' in the registry metadata — verify the upstream package before trusting it.
Instruction Scope
The SKILL.md and examples instruct agents to append 'everything' to an append-only ledger and to persist snapshots in the agent workspace. That behavior can cause long-term storage of potentially sensitive user data (secrets, PII). Example witnessCallbacks auto-approve (return true or risk-based logic) — which undermines the promised human-in-the-loop protection. Instructions also mention sending approval requests via sessions.send and using OpenClaw cron/workspace APIs: the skill assumes access to platform session/workspace channels without declaring or explaining required permissions.
Install Mechanism
There is no formal install spec in the skill bundle (instruction-only), which reduces install-time risk. But SKILL.md instructs users to run `npm install molt-life-kernel` or clone a GitHub repo; that pulls code from external sources of unspecified provenance. The bundle includes integration-examples.js which imports that external package — installing it will execute third-party code. Verify the npm package and GitHub repository (read code, maintainer, release history) before installing.
Credentials
The skill declares no required env vars or config paths, yet the instructions assume write access to the agent workspace, ability to send messages/approval requests via sessions, and persistent storage of ledgers/snapshots. Those are meaningful privileges (long-lived storage of user interactions). The append-only, never-delete design amplifies privacy and compliance risks (GDPR right-to-be-forgotten conflicts). The skill should explicitly list required permissions and retention policies; it does not.
Persistence & Privilege
The skill is not marked always:true (good), and it is user-invocable (normal). However README text claims the agent will 'auto-load' the skill when users ask about continuity; that may be an overreach of expected behavior unless the platform enforces it. More importantly, the skill's intended behavior is to create permanent append-only ledgers and snapshots — persistent artifacts that survive sessions and could be widely accessible. Verify storage location, access controls, and retention/erasure mechanisms before enabling.
What to consider before installing
This skill's functionality (append-only ledger, snapshots, heartbeats, witness gates) matches its stated purpose, but you should not install it blindly. Before installing: 1) Verify the upstream package/repository (npm package name and GitHub repo) and review its code and maintainer history; the bundle here does not include the runtime package itself. 2) Confirm where ledgers and snapshots will be stored, who can read them, and how long they are retained; an 'append-only, never delete' policy can permanently store sensitive data. 3) Ensure witness gates require real human approval in production (update example callbacks that auto-approve). 4) If you have GDPR/PII concerns, get explicit erase/archive workflows or avoid enabling the ledger for sensitive interactions. 5) Limit workspace/session privileges granted to the skill and test in an isolated environment first. If you cannot audit the external 'molt-life-kernel' package or the referenced GitHub repo, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk9765hb95p2d4pmr6dgvn1r0mn80hfwv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.