Moses Governance Single
ReviewAudited by ClawScan on May 1, 2026.
Overview
No malicious behavior is evidenced; this is a local governance/audit skill, but it runs included Python helpers, keeps persistent logs, and should not be treated as a hard security sandbox.
Install this only if you want a local self-governance and audit layer. Keep the optional signing secret out of chat, treat the audit ledger as sensitive, and do not rely on this skill alone as a hard safety or permission boundary.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can make the agent pause, block, or reframe actions based on the selected governance mode and posture.
The skill intentionally changes how the agent evaluates all future actions. This is purpose-aligned governance behavior, but it is broad and should be enabled only when the user wants the skill to steer agent behavior globally.
Run this checklist before ANY tool use, state change, or consequential response
Use /status and the governance commands intentionally, and avoid unrestricted/offense settings unless you explicitly want reduced constraints.
Using the skill will run local Python code that reads and writes governance state and audit files.
The skill directs the agent to execute included local Python helper scripts for state loading and audit logging. This is disclosed and central to the governance/audit purpose.
Run: `python3 scripts/init_state.py get`
Review the included scripts before use and install only from a source you trust.
Private task details may be stored locally and reused or reviewed later, depending on what the agent logs.
The skill keeps a persistent local audit trail of governed actions, including action/detail/outcome fields. This supports the stated audit purpose but can retain sensitive task information.
Every governed action appends to `~/.openclaw/audits/moses/audit_ledger.jsonl`.
Treat the audit ledger as sensitive, avoid logging secrets or unnecessary private details, and manage retention/permissions for the ~/.openclaw audit directory.
If set, the local helper script can use the secret as an offline audit-signing key.
The skill can read an optional local signing secret from the environment to HMAC audit entries. The use is disclosed and purpose-aligned, with no evidenced transmission or logging of the secret.
MOSES_OPERATOR_SECRET: This env var is declared for optional HMAC attestation only.
Set the secret only in a trusted local shell, never paste it into chat, and rotate it if you suspect exposure.
A user might overestimate how much this skill can technically prevent unsafe actions by other tools or instructions.
The wording is strong and could be read as a hard guarantee, while the artifacts implement governance through agent instructions plus local state/audit scripts.
You cannot bypass this. You cannot pretend governance was applied if it wasn't.
Treat it as a governance and logging aid, not as a replacement for tool permissions, confirmations, sandboxing, or account-level controls.