Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Moses Governance
v0.5.10MO§ES™ Governance Harness — constitutional enforcement layer for AI agents. Modes, postures, roles, SHA-256 audit chain, lineage custody, signing gate, commi...
⭐ 0· 447·2 current·2 all-time
byburnmydays@sunrisesillneversee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, scripts, and docs consistently describe a governance harness that performs lineage checks, commitment verification, and an append-only audit ledger. The optional env vars (MOSES_OPERATOR_SECRET, REFEREE_* and MOSES_WITNESS_ENABLED) and the listed CLI tools correspond to the declared functionality. One minor mismatch: the SKILL.md network table mentions a MOLTBOOK_API_KEY / MOLTBOOK_SUBMOLT for the external witness logger but MOLTBOOK_* is not enumerated in the skill's env block (missing explicit declaration). Overall capability requests are plausible for the described governance purpose.
Instruction Scope
SKILL.md instructs the agent to run local verification scripts (lineage_verify, init_state, audit_stub, etc.) and documents that network features are off by default. The included scripts (e.g., adversarial_review.py) can call external endpoints (REFEREE_URL) and optionally post witness events. Although SKILL.md limits what is sent (kernels and hashes only), the scripts perform network I/O and will transmit derived artifacts if opt‑in flags are enabled. The docs warn MOSES_OPERATOR_SECRET should not be transmitted, but you should review sign_transaction.py and audit_stub.py to confirm they don't accidentally leak secrets or include raw task content in outbound calls.
Install Mechanism
This is instruction‑only (no automated install spec). Code is included but no network download/extract/install step is present in the registry metadata. The skill references an external dependency ('coverify') but does not auto-install it. Absence of remote install steps lowers install-time risk.
Credentials
The sensitive envs documented in SKILL.md (MOSES_OPERATOR_SECRET, REFEREE_KEY) are appropriate for HMAC signing and for communicating with an external referee. However: (1) MOLTBOOK_API_KEY / MOLTBOOK_SUBMOLT are referenced in the network table but not explicitly declared in the env list; (2) registry metadata shows no required env vars — the skill relies on optional operator-set secrets to enable external behavior. Because the skill can send derived artifacts externally when enabled, operators should only set REFEREE_* or MOLTBOOK_* when they intend to share commitment kernels/hashes. The claim that MOSES_OPERATOR_SECRET is 'never transmitted' must be verified by inspecting sign_transaction.py/audit_stub.py.
Persistence & Privilege
always:false and no unusual system-wide config paths were requested; stateDirs are limited to ~/.openclaw/governance and ~/.openclaw/audits/moses, which is consistent with a local audit ledger. disable-model-invocation is false (normal), so the agent can invoke the skill autonomously; this increases blast radius if opt‑in network features are enabled, but is not a standalone misconfiguration.
What to consider before installing
This skill appears to implement the governance/audit functionality it advertises, but review a few items before installing or enabling network features: 1) Inspect sign_transaction.py and audit_stub.py to confirm MOSES_OPERATOR_SECRET is only used locally and never sent over the network. 2) Confirm how witness/referee posting is implemented (search for REFEREE_URL, REFEREE_KEY, MOLTBOOK_API_KEY in scripts) and only set those env vars when you intend to share kernels/hashes externally. 3) Note the SKILL.md references MOLTBOOK_API_KEY but it is not declared in the env block—ensure you understand what data the witness endpoint will receive. 4) Because the skill can be invoked autonomously by the agent, keep network opt‑ins disabled (MOSES_WITNESS_ENABLED, REFEREE_ENABLED) unless you want automatic external submissions. If you are not comfortable auditing the scripts yourself, treat this skill as requiring a manual security review before production use.Like a lobster shell, security has layers — review code before you run it.
archivalvk974wqwy6hp1k4fk9gtma3j79d82tmwmauditvk974wqwy6hp1k4fk9gtma3j79d82tmwmconstitutionvk974wqwy6hp1k4fk9gtma3j79d82tmwmgovernancevk974wqwy6hp1k4fk9gtma3j79d82tmwmharnessvk974wqwy6hp1k4fk9gtma3j79d82tmwmlatestvk973s6smydbnq0gz9ytcvnm7h5843016lineagevk974wqwy6hp1k4fk9gtma3j79d82tmwmmulti-agentvk974wqwy6hp1k4fk9gtma3j79d82tmwmsafetyvk974wqwy6hp1k4fk9gtma3j79d82tmwm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚖️ Clawdis
Environment variables
MOSES_OPERATOR_SECREToptionalREFEREE_URLoptionalREFEREE_KEYoptionalREFEREE_ENABLEDoptionalMOSES_WITNESS_ENABLEDoptional