Skylv Agent Constitution Guard
Pass
Audited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill
Name: skylv-agent-constitution-guard
Version: 1.0.0
The skill bundle describes a comprehensive safety guardrail system ('agent-constitution-guard') but is missing the core implementation file (constitution.js) referenced in all usage examples and integration patterns. While the documentation in SKILL.md focuses on safety, permission boundaries, and audit trails, the absence of the actual logic is a significant anomaly. Furthermore, the documentation defines broad capabilities such as 'Read any local file' (file_read) and 'Can write files within workspace directory', which are high-risk behaviors that cannot be verified as safe without the missing source code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might rely on the skill to prevent unsafe agent actions even though the provided artifacts do not show any mechanism that can enforce those rules.
The skill advertises enforceable protection, but the supplied package is instruction-only with no implementation or install mechanism, so the safety claim is not supported by the artifacts.
This skill provides **enforceable, auditable, multi-layered** protection.
Treat this as design guidance only unless a reviewed implementation is supplied, and make the documentation clearly state what is and is not actually enforced.
The documented commands may fail, or users may be tempted to obtain or create an unreviewed implementation separately.
The instructions rely on a constitution.js runtime, but the artifact manifest contains only SKILL.md and no code files, leaving the referenced implementation absent from review.
node constitution.js init --name "my-agent" --owner "admin@company.com"
Do not run or source a separate constitution.js unless its provenance and contents are reviewed; the package should include or clearly link to the intended implementation.
An agent configured this way could be allowed to read private local files beyond what a task requires.
The setup example permits broad local-file reading, which is sensitive if copied into a real agent policy without path limits, exclusions, or owner approval.
--level mutable ... --action allow ... --scope "file_read" ... --description "Read any local file"
Use path-bounded read permissions, exclude secrets and credentials, and require owner approval for sensitive locations.
Audit logs could contain sensitive targets, payload summaries, or decision history if the implementation records them without redaction.
The skill documents persistent policy and audit storage, which is expected for this purpose but may retain sensitive action details.
Creates `.constitution/` directory with default rules and audit log.
Define retention, access controls, and redaction rules for audit logs before using this in a sensitive environment.
