skill-governance

Audited by ClawScan on May 18, 2026.

Overview

This instruction-only governance skill has no code, but it gives broad mandatory rules that can change agent behavior, persist task records, and push sensitive decision summaries without clear user control.

Install only if you intentionally want a broad governance policy for the agent. Before using it, revise the rules so the agent asks before refusing work, discarding data, writing /memory files, syncing summaries externally, or changing installed skills.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may reject, truncate, or discard user-requested work because this skill says doing so reduces cognitive load.

Why it was flagged

The skill directs the agent to refuse or discard work based on its own optimization rules, which can override the user's actual goal or desired level of analysis.

Skill content

GLOBAL PRIME DIRECTIVE ... Any action that increases noise or cognitive load without increasing output must be refused ... otherwise it is automatically discarded.

Recommendation

Treat these rules as optional guidance, not a global override; require the agent to ask before refusing or discarding user-provided data.

What this means

The skill could cause the agent to change which skills are active, or alter the installed skill set over time, without an explicit user command for each change.

Why it was flagged

The skill describes automatic context/skill mounting and ongoing skill lifecycle changes, including moving skills to an archive and marking them for deletion.

Skill content

Execute automatically: mount bundle ... At task end: unmount bundle ... Not invoked for 30 days → move to archived_skills/ ... Still not restored after 60 days → mark as a deletion candidate

Recommendation

Require explicit user confirmation before mounting/unmounting bundles or moving, archiving, or deleting any skill.

What this means

Private task details and decisions may be stored persistently and reused later in ways the user did not expect.

Why it was flagged

The skill mandates persistent task archives containing decisions and core data, but does not specify scope, retention, exclusions for sensitive data, or user approval.

Skill content

Automatic archiving. Mandatory generation of: /memory/YYYY-MM-DD-task.md ... # Decisions # Core data # Next actions # Confidence

Recommendation

Ask before writing memory records, exclude sensitive content by default, and provide clear retention and deletion controls.

What this means

Sensitive financial or strategic information could be prepared for sharing to an external note or mobile system without clear boundaries.

Why it was flagged

For financial, strategic, and major-decision tasks, the skill requires summaries for external synchronization but does not define the destination, access controls, or user consent.

Skill content

If the task type is: finance * strategy * major decision, a summary must be generated for external synchronization (notes or mobile). It must not remain in the local cache.

Recommendation

Do not allow external sync unless the user explicitly selects the destination and approves the exact summary to be shared.