Governance.Wrapper
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill claims to enforce governance, but it routes strict-mode autonomous work and prompt context through an unreviewed local Python wrapper with persistent evidence logging.
Review the actual governance_wrapper.py implementation before installing or invoking this skill. Confirm that it is trusted, packaged or pinned, does not log sensitive context unnecessarily, and only governs the operations you explicitly intend.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill could cause the agent to run local code that was not included in the reviewed skill package.
The skill is supplied as instruction-only with no install spec or code files, but it depends on a pre-existing local Python helper outside the package; that helper’s provenance and behavior cannot be reviewed from the artifacts.
`python3 /home/openclaw/.openclaw/workspace/governance/governance_wrapper.py`
Only use this after inspecting and verifying the referenced governance_wrapper.py file, its source, and its hash; ideally the wrapper should be packaged and pinned with the skill.
The skill may alter how the agent carries out future strict-mode work, including routing tasks through a wrapper rather than the normal execution path.
The skill makes a broad mandatory claim over autonomous operation execution, which can change normal tool use and execution flow beyond a single user-directed task.
All autonomous operations in strict mode must execute through this wrapper:
Enable it only if you intentionally want this wrapper to govern strict-mode autonomous operations, and define clear limits for when it should apply.
Sensitive prompts, task context, or execution details could be stored persistently without clear retention or deletion controls.
The wrapper is required to receive system prompt and input context and create append-only evidence logs, but the artifacts do not define what context is recorded, retained, or exposed.
Required parameters:
- `--system-prompt`
- `--input-context`
...
- Mandatory `execution-evidence.v1` emission
- Hash-chained append-only evidence logging
Confirm exactly what the wrapper logs, where logs are stored, who can read them, and how they can be purged before using it with sensitive tasks.
