manifesto-hci
v1.0.0Implement "Explicit State & Continuous Consensus" HCI pattern (v3.0). Combat information entropy, prevent intent drift, and maintain a shared source of truth...
⭐ 0· 49·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description ask for Git-backed state, tri-track architecture, and continuous consensus; the skill includes an on-disk project layout, a script (scripts/core.py) that initializes project dirs, creates a manifesto file, runs git init/add/commit, and logs turns — all of which are consistent and expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to run scripts/core.py start/log and to append both user inputs and assistant outputs to persistent JSONL logs and to update/commit a Manifesto. That behavior is coherent with the manifesto purpose but is broad: every turn is persisted to disk (history JSONL and Git commits). The SKILL.md also specifies a background 'Diff Sub-Agent' that emits structured audit messages and performs commits; that auditing protocol is documented but not implemented in the provided code (the script only provides init and logging).
Install Mechanism
Instruction-only with a small included Python script; there is no install spec, no downloads, and no third-party package installs. Risk from installation is minimal.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does require file-system write access in the agent's working directory (creates projects/prj_<id>/, state/, logs/, workspace/) and runs local git; those are proportional to the declared goal but do persist data locally (including full user/assistant messages).
Persistence & Privilege
The skill is not 'always' enabled and does not request elevated privileges, but it will create files and initialize a Git repository under projects/prj_<id>/ and make commits. This is normal for state-management but means the agent will retain conversation history on disk and in git history until you remove it.
Assessment
This skill appears to do what it says: it creates a per-project directory (projects/prj_<project_id>/), writes a Manifesto markdown file, logs every user and assistant turn to a JSONL file, and performs git init/add/commit. Before installing or using it, be aware that: (1) all conversation content and manifesto data will be stored on disk and recorded in git history (un-encrypted) — do not use with secrets or sensitive data unless you isolate or encrypt the project directory; (2) the SKILL.md describes an asynchronous 'Diff Sub-Agent' and socket push messages for audit results, but the provided script does not implement that background service — some auditing behavior is purely a protocol expectation the agent must follow; (3) the script invokes local git via subprocess and writes files relative to the agent's working directory, so confirm the agent has permission to write there and that created files won't inadvertently include other sensitive files; (4) no network endpoints or credentials are requested, and there are no external downloads. If you accept local persistent logging and git commits, the skill is consistent with its stated purpose. If you need guarantees about encryption, remote hosting, or removal of logs, request those features or review/modify the script before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97f8nj6f4qe3j8jv4edf005ch84c9pg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.