Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill-governance v2.1.0 · OpenClaw Cognitive Operating & Skill Governance Kernel
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The stated name and description ('cognitive operating & skill governance kernel') match the SKILL.md, which defines perception, decision, mounting, lifecycle, and closure protocols. No unexpected environment variables, binaries, or installs are requested that would contradict the stated purpose.
Instruction Scope
The instructions mandate behaviors that touch system state and other skills: automatic 'mount/unmount' of bundles, writing forced archives to /memory/YYYY-MM-DD-task.md, moving skills to archived_skills/, and generating summaries for 'external synchronization'. The SKILL.md does not specify where /memory or archived_skills/ live, which API or endpoints external sync should use, or what authorization is required. Those gaps create a risk that the agent will read or write files outside expected boundaries, transmit data to an unspecified destination, or trigger other skills unexpectedly.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written at install time. This is lower risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or credentials, which is proportionate for an instruction-only skill. However, it references filesystem locations and lifecycle operations that imply write and delete privileges over skill storage areas, while the manifest declares no config paths at all; that mismatch should be clarified by the author.
Persistence & Privilege
The manifest sets always:false and allows model invocation, which is normal. But the protocol includes lifecycle actions that move and mark other skills (archived_skills/, deletion candidates) and requires sending notifications before deletion. These operations modify other skills' state or system-wide skill storage, yet the skill declares neither the config paths nor the permissions they need: a privilege/footprint mismatch and a potential control risk.
What to consider before installing
This skill is conceptually coherent with a governance kernel, but it contains ambiguous operational directives that could change files, archive or delete other skills, and push summaries externally without saying where. Before installing:
1) Ask the author to clarify the exact filesystem paths and required permissions for /memory and archived_skills/, and which service or endpoints (and credentials) are used for 'external synchronization'.
2) Confirm which bundles the skill may mount or unmount and get an explicit allow-list for those bundles.
3) Run the skill in a restricted sandbox with monitoring, and observe its file writes and outgoing connections.
4) If you cannot get clear answers, do not enable autonomous invocation, or limit the skill's scope and privileges.
