Moses Governance
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent governance and audit skill, but users should note its strong agent-control instructions, local audit persistence, and opt-in external review/witness features.
Before installing, decide whether you want this skill to control governed actions with mandatory checks and local audit logs. Keep optional secrets out of prompts, leave external referee/witness features disabled unless you trust the endpoint, and remember that extracted commitment kernels may still reveal sensitive task details.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. When used, the agent may refuse or stop tasks until governance checks and audit logging are completed.
The skill deliberately changes the agent's workflow and stopping conditions for governed actions.
Run in this order before any governed action ... Skipping any step is a governance breach — log it and halt.
Use this skill only when you want this governance workflow active, and confirm the mode/posture before high-impact work.

2. If these environment variables are set, the skill can authenticate/sign governance actions or contact a configured referee endpoint.
The skill can use sensitive environment secrets for local signing and optional external referee authentication.
MOSES_OPERATOR_SECRET ... Optional local HMAC attestation and signing gate. Never transmitted. ... REFEREE_KEY ... API key for optional referee endpoint.
Keep MOSES_OPERATOR_SECRET out of chat prompts, set it only when needed, and use referee keys only with trusted endpoints.

3. You have less provenance information than ideal for code that may be run locally by the agent.
The registry provenance is limited and there is no install spec, even though bundled scripts are documented for local execution.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; 17 code file(s)
Install only from a trusted registry/source and review the bundled scripts before relying on them for governance decisions.

4. Audit details or vault constraints may persist across sessions and influence future governed behavior.
The skill persists governance state, audit trails, and vault-derived constraints that can affect later actions.
stateDirs: ~/.openclaw/governance ... ~/.openclaw/audits/moses ... Loaded vault documents apply as additional constraints.
Avoid putting secrets in audit details, periodically review stored audit/vault files, and approve amendments only after inspection.

5. If external review is enabled, the referee may receive meaningful excerpts or commitments from the task, not just opaque hashes.
The optional referee flow can send extracted commitment kernels, and the fallback extractor may include sentence-level text from the instruction or output.
REFEREE_ENABLED — set to "1" to forward results to external reviewer ... kernel.add(_re.sub(r'\s+', ' ', sentence.strip().lower()))
Leave external referee/witness features disabled unless needed, and treat commitment kernels as potentially sensitive when choosing a REFEREE_URL.

6. Users could overestimate the protection provided by audit logs and governance checks.
The skill uses strong assurance language around governance and trustworthiness.
The harness that makes any execution runtime trustworthy.
Treat the skill as a governance/audit helper, not as a substitute for independent review, permissions controls, or human approval on high-impact actions.
