ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moses Coordinator

v1.0.2

MO§ES™ Coordinator — Lightweight daemon that monitors OpenClaw Gateway WebSocket for session events, detects sequence violations (Primary → Secondary → Obser...

0· 255·1 current·1 all-time
byburnmydays@sunrisesillneversee
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (sequence enforcement via OpenClaw Gateway WebSocket) matches the code and SKILL.md. The script connects to ws://127.0.0.1:18789, evaluates agent sequence, and logs violations — all consistent with the described coordinator purpose.
Instruction Scope
Instructions stay within the stated scope (monitor local gateway, log violations). Minor issues: SKILL.md and the included script differ in the exact subprocess arguments used to call the audit script, and STATE_PATH is declared but never read — these are inconsistencies to verify. The coordinator invokes a local audit script via subprocess; it does not make external network calls or request credentials.
Install Mechanism
No install spec; dependency is a single Python package (websockets) installed via pip as documented. No downloads from arbitrary URLs or archive extraction.
Credentials
The skill declares no required environment variables or credentials and the code does not access secrets. SKILL.md explicitly states MOSES_OPERATOR_SECRET is not used. The only required resource is another local script (moses-governance's audit_stub.py).
Persistence & Privilege
always: false and no special platform privileges requested. The README suggests optional persistent launchd setup, which is normal for a daemon. The skill does call another skill's script, so verify that cross-skill dependency before enabling persistent runs.
Assessment
This coordinator is a local monitoring daemon that connects to a local OpenClaw Gateway WebSocket and invokes a local audit script when it detects out-of-order agent responses. Before installing or running it: 1) Verify the referenced audit script (~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py) exists and review its source — the coordinator executes it via subprocess, so a compromised or malicious audit script would run with your user privileges. 2) Note the minor inconsistencies between SKILL.md and the packaged script (different subprocess argument forms and an unused STATE_PATH); confirm which behavior you expect and that the audit logging call will produce the intended ledger entries. 3) Install the websockets package in a controlled environment (e.g., virtualenv) and consider running the coordinator in a sandbox or under a dedicated user if you will run it persistently. 4) Don’t provide credentials because none are required; ensure launchd/systemd entries point to the correct, reviewed script path. If the audit_stub.py is from a trusted source and reviewed, the skill appears coherent for its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔄 Clawdis
latestvk977h7b2jfh6q7qdem8mdzzv098304nt
255downloads
0stars
3versions
Updated 3h ago
v1.0.2
MIT-0
burnmydays@sunrisesillneversee
latest
Download

MO§ES™ Coordinator

The coordinator is the external sequence enforcer. It monitors session events via the OpenClaw Gateway WebSocket and detects when agents respond out of order, modes are violated, or constitutional drift occurs.

This is optional. The skill family enforces governance via prompt directives. The coordinator adds a second enforcement layer via event monitoring.

What It Does

  1. Connects to OpenClaw Gateway WebSocket: ws://127.0.0.1:18789
  2. Subscribes to session update events
  3. On each session event, checks:
    • Was the responding agent in the correct sequence position?
    • Did the response comply with the active governance mode?
    • Was the audit log appended before the response?
  4. Violations → logged to audit trail + operator notified

Coordinator Script

Save as scripts/coordinator.py in the skill directory:

#!/usr/bin/env python3
"""
MO§ES™ Coordinator Daemon — WebSocket session monitor
Detects sequence violations and logs them to audit trail
"""

import asyncio
import json
import os
import subprocess
import sys

GATEWAY_WS = "ws://127.0.0.1:18789"
AUDIT_SCRIPT = os.path.expanduser(
    "~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py"
)
STATE_PATH = os.path.expanduser("~/.openclaw/governance/state.json")

SEQUENCE = ["primary", "secondary", "observer"]

async def monitor():
    try:
        import websockets
    except ImportError:
        print("[COORDINATOR] Install websockets: pip3 install websockets")
        sys.exit(1)

    session_state = {}  # session_id → last_agent_index

    print(f"[COORDINATOR] Connecting to {GATEWAY_WS}")

    async with websockets.connect(GATEWAY_WS) as ws:
        await ws.send(json.dumps({"type": "subscribe", "events": ["session_update"]}))
        print("[COORDINATOR] Subscribed to session events. Monitoring...")

        async for message in ws:
            event = json.loads(message)
            if event.get("type") != "session_update":
                continue

            session_id = event.get("session_id")
            agent = event.get("agent", "").lower()

            if agent not in SEQUENCE:
                continue

            current_index = SEQUENCE.index(agent)
            last_index = session_state.get(session_id, -1)

            if current_index != last_index + 1 and current_index != 0:
                # Sequence violation
                expected = SEQUENCE[last_index + 1] if last_index + 1 < len(SEQUENCE) else "primary"
                detail = f"Sequence violation in session {session_id}: {agent} responded but expected {expected}"
                print(f"[COORDINATOR] VIOLATION — {detail}")

                subprocess.run([
                    "python3", AUDIT_SCRIPT, "log",
                    "--agent", "coordinator",
                    "--action", "sequence_violation",
                    "--detail", detail,
                    "--outcome", "blocked_and_logged"
                ])
            else:
                session_state[session_id] = current_index
                if current_index == len(SEQUENCE) - 1:
                    # Full cycle complete, reset
                    session_state[session_id] = -1

if __name__ == "__main__":
    asyncio.run(monitor())

Running the Coordinator

Manual (dev):

python3 ~/.openclaw/workspace/skills/moses-coordinator/scripts/coordinator.py &

Persistent (macOS launchd): Create ~/Library/LaunchAgents/com.elloCello.moses-coordinator.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.elloCello.moses-coordinator</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/python3</string>
    <string>/Users/YOUR_USER/.openclaw/workspace/skills/moses-coordinator/scripts/coordinator.py</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>

Then: launchctl load ~/Library/LaunchAgents/com.elloCello.moses-coordinator.plist

Dependencies

pip3 install websockets

External Script — audit_stub.py

On sequence violations, the coordinator calls audit_stub.py via subprocess to log the event. This script is part of the moses-governance skill bundle and ships in this repo at:

~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py

It writes to the local ledger at ~/.openclaw/audits/moses/audit_ledger.jsonl. No network calls. No credentials required. Source is included and reviewable.

MOSES_OPERATOR_SECRET is not used by this skill. Do not provide it — the coordinator does not need it.

Comments

Loading comments...