Lineage Claws
Audited by ClawScan on May 10, 2026.
Overview
The skill does not show data theft or hidden network behavior, but its governance trust gate overstates what its local hash checks actually prove.
Install only if you intentionally want MO§ES lineage gating. Treat its output as a local provenance indicator, not as definitive cryptographic proof of legal custody or full ledger integrity unless the implementation is strengthened and independently reviewed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could trust a ledger or governance state as fully verified when the script has only performed limited local checks.
The verification path treats a missing archival chain as acceptable and only checks the first live ledger entry's previous_hash before printing that three-layer custody is confirmed. This does not match the stronger documentation claims of full cryptographic origin verification.
elif not _stored:
    # Not yet persisted — recomputed is still valid
    _archival_ok = True
...
if lines:
    first = json.loads(lines[0])
    if first.get("previous_hash") != MOSES_ANCHOR:
        ... sys.exit(1)
...
print("[LINEAGE OK] Three-layer custody confirmed: archival → anchor → live ledger.")
Do not rely on this as an authoritative security or custody proof without independent review. The implementation should fully validate every ledger link, verify archival persistence, and avoid claiming non-replicable custody unless backed by a real signature or external trust mechanism.
If integrated into an agent loop, tasks may be halted based on this skill's lineage result rather than the user's immediate request.
The skill is explicitly designed to change agent stopping conditions by requiring lineage verification before execution. This is disclosed and aligned with its governance purpose, but users should notice the control-flow impact.
Every governed AI agent running under MO§ES™ runs one check before anything else: lineage verify. Not as a policy. As a cryptographic fact. No sovereign anchor — nothing executes.
Use this gate only where that governance policy is intended, and keep an override or review path for false failures.
Users may not realize that using the skill depends on running local Python scripts from the installed files.
The registry metadata under-declares runtime expectations for a skill that includes and documents Python scripts. SKILL.md also declares a python3 bin, so this appears to be a packaging/metadata mismatch rather than hidden code.
No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none ... Code file presence: 2 code file(s): scripts/archival.py, scripts/lineage.py
The publisher should declare python3 and script entry points consistently in registry metadata and documentation.
Local lineage files may affect future governance checks and could be misleading if edited or corrupted.
The skill writes persistent local governance and audit state that future checks can reuse. This is expected for an audit lineage tool, but the state can influence later agent decisions.
LEDGER_PATH = os.path.expanduser("~/.openclaw/audits/moses/audit_ledger.jsonl")
LINEAGE_PATH = os.path.expanduser("~/.openclaw/governance/lineage.json")
...
with open(LEDGER_PATH, "a") as f:
    f.write(json.dumps(genesis_payload) + "\n")
Keep these files under normal user permissions, back them up if used for governance, and avoid treating them as tamper-proof without stronger integrity controls.
