Skill v1.0.2

ClawScan security

Moses Coordinator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 1:09 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are coherent with its stated purpose (a local WebSocket-based sequence monitor that logs via a local audit script); nothing requests unrelated credentials or external networks, but there are minor inconsistencies and a dependency on another skill's script that you should verify before running.
Guidance
This coordinator is a local monitoring daemon that connects to a local OpenClaw Gateway WebSocket and invokes a local audit script when it detects out-of-order agent responses. Before installing or running it:

1) Verify that the referenced audit script (~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py) exists and review its source. The coordinator executes it via subprocess, so a compromised or malicious audit script would run with your user privileges.
2) Note the minor inconsistencies between SKILL.md and the packaged script (different subprocess argument forms and an unused STATE_PATH); confirm which behavior you expect and that the audit logging call will produce the intended ledger entries.
3) Install the websockets package in a controlled environment (for example, a virtualenv) and consider running the coordinator in a sandbox or under a dedicated user if you will run it persistently.
4) Do not provide credentials; none are required. Ensure that launchd/systemd entries point to the correct, reviewed script path.

If audit_stub.py is from a trusted source and has been reviewed, the skill appears coherent for its stated purpose.
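The steps above amount to a pre-flight routine: confirm the audit script is the file you reviewed and that nobody else can replace it, confirm the gateway URL really is loopback, and only then let the coordinator shell out to it. The script below is an added example written for this page; it is not the Moses Coordinator's code nor ClawHub's scanner. The audit script path and the ws://127.0.0.1:18789 gateway URL come from the scan; the "--event" argument form is a hypothetical stand-in, since the page only says SKILL.md and the packaged script disagree on the real one. The audit_stub.py it writes for the demo is a constructed fixture that merely echoes its arguments.

```python
"""Pre-flight checks for a skill that shells out to another skill's script.

Added example, not part of the ClawHub page or the Moses Coordinator skill.
The "--event" argument form below is an assumption; the real audit script's
arguments must be taken from SKILL.md and the packaged coordinator script.
"""
import hashlib
import os
import stat
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import List, Optional
from urllib.parse import urlparse

# Path and URL as given in the scan summary.
AUDIT_SCRIPT = Path(
    "~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py"
).expanduser()
GATEWAY_URL = "ws://127.0.0.1:18789"


def check_audit_script(path: Path, expected_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means the script passed every check.

    The coordinator runs this file with the caller's privileges, so it must
    exist, be a regular file owned by us, not be writable by anyone else and,
    if a hash was pinned after review, still match that hash.
    """
    findings: List[str] = []
    if not path.exists():
        return [f"missing: {path}"]
    if path.is_symlink():
        findings.append(f"symlink: {path} -> {path.resolve()}")
    st = path.stat()  # follows symlinks, so this describes the real target
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
        return findings
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others (anyone could swap the script)")
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    if expected_sha256 is not None and digest != expected_sha256:
        findings.append(f"sha256 mismatch: got {digest}, pinned {expected_sha256}")
    return findings


def gateway_is_loopback(url: str) -> bool:
    """True only for a ws:// or wss:// URL on the local host, as the skill declares."""
    parsed = urlparse(url)
    return parsed.scheme in ("ws", "wss") and parsed.hostname in ("127.0.0.1", "::1", "localhost")


def build_audit_command(script: Path, event: str) -> List[str]:
    """Argument-list form (never shell=True), so event text is never parsed by a shell.

    "--event" is a hypothetical flag; substitute the form the real audit script expects.
    """
    return [sys.executable, str(script), "--event", event]


def run_audit(script: Path, event: str, expected_sha256: Optional[str] = None,
              timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Verify the audit script, then invoke it with a timeout; refuse to run on any finding."""
    findings = check_audit_script(script, expected_sha256)
    if findings:
        raise RuntimeError("refusing to run audit script: " + "; ".join(findings))
    return subprocess.run(build_audit_command(script, event), capture_output=True,
                          text=True, timeout=timeout, check=False)


def make_constructed_stub(directory: Path) -> Path:
    """Constructed stand-in for audit_stub.py that only echoes its arguments (demo fixture)."""
    stub = directory / "audit_stub.py"
    stub.write_text("import sys\nprint('audit', *sys.argv[1:])\n")
    stub.chmod(0o644)
    return stub


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        stub = make_constructed_stub(Path(tmp))
        pinned = hashlib.sha256(stub.read_bytes()).hexdigest()  # hash recorded after review
        print("gateway is loopback:", gateway_is_loopback(GATEWAY_URL))
        print("findings:", check_audit_script(stub, pinned))
        print(run_audit(stub, "out-of-order response from agent-b", pinned).stdout.strip())
        stub.chmod(0o666)  # simulate someone making the script world-writable
        print("findings after chmod 666:", check_audit_script(stub, pinned))
```

Point the checks at AUDIT_SCRIPT with the hash you recorded after reviewing the real audit_stub.py, and run them at daemon start-up (and from the launchd/systemd unit's pre-start step, if it has one), so a later swap of the script fails closed instead of running with your privileges.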

Review Dimensions

Purpose & Capability
ok
Name/description (sequence enforcement via OpenClaw Gateway WebSocket) matches the code and SKILL.md. The script connects to ws://127.0.0.1:18789, evaluates agent sequence, and logs violations, all consistent with the described coordinator purpose.
Instruction Scope
note
Instructions stay within the stated scope (monitor local gateway, log violations). Minor issues: SKILL.md and the included script differ in the exact subprocess arguments used to call the audit script, and STATE_PATH is declared but never read; these are inconsistencies to verify. The coordinator invokes a local audit script via subprocess; it does not make external network calls or request credentials.
Install Mechanism
ok
No install spec; the only dependency is a single Python package (websockets) installed via pip as documented. No downloads from arbitrary URLs or archive extraction.
Credentials
ok
The skill declares no required environment variables or credentials and the code does not access secrets. SKILL.md explicitly states that MOSES_OPERATOR_SECRET is not used. The only required resource is another local script (moses-governance's audit_stub.py).
Persistence & Privilege
ok
The manifest sets always: false and requests no special platform privileges. The README suggests an optional persistent launchd setup, which is normal for a daemon. The skill does call another skill's script, so verify that cross-skill dependency before enabling persistent runs.