CORE CONSTITUTION MANIFEST API Spec v1.0.2
PassAudited by ClawScan on May 5, 2026.
Overview
This is an instruction-only API specification with no code or install steps; it mainly documents governance endpoints, a demo key, and an optional separate conformance-suite install.
This skill appears safe as documentation only. Before using the described API, confirm the service endpoint and owner, treat the included key as public/demo-only, use scoped credentials, and review the separate conformance test suite if you choose to install it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user connects to the referenced API, they may create or use governance service credentials; the embedded key should be treated as a public demo key, not a private secret.
The document describes an authentication header, includes a public/demo key, and describes external-agent registration for dedicated keys. This is expected for an API spec, but users should recognize it as credential/account-related behavior if they use the API.
认证:X-Governance-Key Header(可选) ... 公开体验密钥 ... v19-e5d585e28439decc614f09f91c4caa8c ... 外部 Agent 可通过此端点自助注册,获取专属认证密钥
Use only scoped or test credentials, confirm the real service owner and base URL before registering, and avoid placing personal secrets directly in prompts or shared logs.
Installing the referenced test suite could introduce additional instructions or capabilities not assessed in this review.
The skill references installing a separate ClawHub package for conformance testing. This is not automatically executed by this instruction-only skill, but that separate package is outside the provided review artifacts.
clawhub install v19-conformance-test-suite
Review the referenced conformance test suite separately before installing or running it.