ClawHub

Moses Postures

v1.0.2

MO§ES™ Posture Controls — Enforces transaction and execution policies across all agents. SCOUT=read-only, DEFENSE=protect+confirm, OFFENSE=execute within mod...

0· 194·1 current·1 all-time
byburnmydays@sunrisesillneversee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim to enforce posture and transaction policies; the SKILL.md only requires reading ~/.openclaw/governance/state.json and invoking init_state.py from a declared moses-governance dependency—this is coherent and proportionate for a governance/posture skill.
Instruction Scope
Instructions are focused on loading posture state and enforcing confirmation rules (SCOUT/DEFENSE/OFFENSE). However the runtime instructions are somewhat high-level: they require logging every execution decision (location/retention not specified) and tell the agent to 'verify' data points before acting, which could be interpreted broadly. The skill also delegates to an external script (init_state.py) in another bundle—you should review that script to confirm it doesn't perform unexpected actions.
Install Mechanism
Instruction-only skill (no install spec, no code files). This is the lowest-risk install pattern; nothing is downloaded or written by the skill itself.
Credentials
The skill requests no environment variables, no binaries, and only reads a single declared state path in the user's home (~/.openclaw/governance/state.json). That access is proportional to its governance purpose.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does instruct agents to invoke another skill's script, which is expected for this bundle but means you should verify that other skill's behavior.
Assessment
This skill appears internally consistent for enforcing posture rules, but before installing: 1) Install and inspect the moses-governance bundle (especially the init_state.py script) to verify it does only what you expect. 2) Confirm the location and permissions of ~/.openclaw/governance/state.json and ensure only trusted operators can edit it. 3) Ask where 'logs' (execution decisions and rationales) will be written and who can access/transmit them; if unspecified, require the skill to log to a controlled, local path. 4) If you are concerned about broad 'verification' behaviors, limit agent autonomy or require operator confirmations for sensitive actions. If any of these items are unacceptable or the dependent bundle cannot be reviewed, consider not installing or running the skill with restricted agent privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk9778x1ndsy6qeyfnhk83szagx83yqjq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments