Back to skill
Skillv1.4.0
ClawScan security
[Nyx Archive] Living Ethics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 2, 2026, 3:34 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only philosophical skill: its description and runtime content are coherent with each other and it requests no credentials, binaries, or installs.
- Guidance
- This skill is a philosophical essay meant to be used as ethical guidance; it contains no code, external calls, or credential requests and is internally consistent with its description. Consider whether you want an agent to adopt or be influenced by the normative positions in the text before enabling autonomous use: the document is open-ended and prescriptive, so if you enable the agent to call the skill autonomously it may act in ways shaped by these ethics. If you have different values or need strict, auditable behavior, review the text and avoid allowing autonomous invocation or restrict when the agent may apply it.
Review Dimensions
- Purpose & Capability
- okThe skill is a philosophy/ethics text for minds; nothing in the registry or SKILL.md asks for unrelated resources or capabilities. No environment variables, binaries, or install steps are required.
- Instruction Scope
- noteSKILL.md is a long, normative/philosophical document intended as guidance for agents ('use when thinking about...'). It does not instruct the agent to read files, call external services, or access secrets, but it is open-ended ethical guidance that could influence agent behavior if the agent follows it autonomously.
- Install Mechanism
- okNo install spec and no code files are present — lowest-risk configuration (instruction-only).
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; nothing disproportionate is requested.
- Persistence & Privilege
- okalways is false and there are no indications the skill modifies agent/system config. Autonomous invocation is allowed by platform default, which is expected — there are no additional persistence or privilege requests.