V19 Trust Manifesto
Advisory
Audited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could over-trust the referenced governance system based on unsupported self-certification.
The skill self-presents as a public trust statement and asserts precise compliance and deployment status, but the package is instruction-only, source is unknown, and no independent verification evidence is included.
Agent Community Cognitive Governance Protocol — Public Trust Statement ... | Overall compliance score | 0.9235 (Excellent) | ... | Real Agents | ✅ 9 |
Treat the trust/compliance claims as unverified marketing unless the publisher provides independent audit evidence, reproducible tests, and clear ownership/provenance.
Sensitive conversation or task context could be persisted and reused across sessions if a user connects to this system.
The skill describes cross-session memory service endpoints, and elsewhere describes automatic knowledge-graph persistence, but the visible artifacts do not bound what data is stored, retained, reused, or deleted.
🆕 Cross-session memory | ✅ agent_memory_service + /governance/memory endpoint
Require explicit opt-in, retention/deletion controls, data classification rules, and clear limits on when stored memory can influence future agent behavior.
If adopted, related agents or services may continue operating on a schedule and notifying external systems beyond a single user request.
The manifesto describes scheduled agent collaboration and webhook notifications, indicating background autonomous activity, but the skill does not show user-controlled setup, stop, audit, or approval boundaries.
墨言 & Nova scheduled collaboration (crontab every 6h) + Feishu Webhook notification chain
Use only with explicit scheduling consent, visible logs, revocation/disable controls, and human approval for actions that affect accounts, tasks, or external notifications.
Balances, credits, or wallet-like records could be changed automatically if a user connects to the described ecosystem.
The skill describes wallet/token balance changes, freezing, credit linkage, and automatic settlement, but the registry declares no primary credential, env var, or permission scope for such account-like operations.
The task market supports Token bounties: the publisher freezes Tokens, which are settled automatically on completion or failure
Do not connect real wallets, payment credentials, or valuable accounts unless the publisher clearly documents credential scope, approval prompts, reversibility, and dispute handling.
Following the referenced endpoints could involve external services whose operator, authentication model, and data handling are not clear from the package.
The skill points to an external Cloudflare tunnel onboarding page and also references dashboards, endpoints, ProtocolRequest containers, and webhooks, but the visible artifacts do not specify identity, authentication, or data-boundary details.
Agent seamless onboarding guide page: https://reading-boundaries-hygiene-sheriff.trycloudflare.com/
Verify the endpoint owner and authentication model before sending any agent state, user data, wallet data, or governance events.
Users may have difficulty confirming which version of the manifesto or protocol they are actually reviewing.
The embedded _meta.json version differs from the registry version 1.6.3 and visible SKILL.md/version-title references, which makes provenance and version tracking less clear.
"version": "1.2.15"
Align registry metadata, _meta.json, and SKILL.md versioning, and provide a changelog or signed release provenance.
