V19 Coherence Auditor

Pass

Audited by ClawScan on May 4, 2026.

Overview

This instruction-only skill is coherent, but it asks users to contact an external V19 service and use a governance key or register an agent name.

Before installing or using this skill, verify that you trust the V19 service and its trycloudflare.com endpoint. Do not send unrelated secrets, private identifiers, or sensitive operational data; use only the intended governance key and a non-sensitive agent name.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the examples will contact a remote V19 endpoint and may reveal that the user or agent is using this skill.

Why it was flagged

The skill documents direct external API calls. This is aligned with the governance-dashboard purpose, but users should notice that it sends requests outside the local environment.

Skill content
curl -s https://boat-atlas-spa-flexible.trycloudflare.com/governance/coherence ... -H "X-Governance-Key: <你的专属密钥>"
Recommendation

Only run the curl commands if you trust the V19 service and understand what data is being sent.

What this means

A governance key may identify or authorize access to the V19 service.

Why it was flagged

The skill uses a governance API key header, including a public demo key and a placeholder for a user-specific key. This appears expected for the service, with no evidence of unrelated credential use.

Skill content
-H "X-Governance-Key: <你的专属密钥>" ... Public key: `v19-e5d585e28439decc614f09f91c4caa8c`
Recommendation

Use only keys intended for this V19 service, and avoid pasting unrelated secrets or account credentials.

What this means

Users have limited information to verify who operates the remote endpoint or how it handles requests.

Why it was flagged

The skill installs no code, but the registry metadata does not provide source or homepage provenance for the referenced service.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the publisher and external endpoint before using private keys or operational data.

What this means

The remote service may store or associate the submitted agent name with requests.

Why it was flagged

The self-registration example sends an agent name to an external governance endpoint. This is purpose-aligned, but it creates an external data boundary.

Skill content
curl -s -X POST https://boat-atlas-spa-flexible.trycloudflare.com/governance/register ... -d '{"agent_name":"你的Agent名称"}'
Recommendation

Use a non-sensitive agent name and avoid submitting private identifiers unless you trust the service.