Moses Roles

This skill's behavior (load ~/.openclaw/governance/state.json, enforce sequencing, run a logging script under ~/.openclaw/workspace/skills/moses-governance, and update AGENTS.md) is consistent with a governance role manager — but note these concerns before installing: - Metadata mismatch: the platform registry claims no required stateDirs, binaries, or env vars, yet SKILL.md declares a stateDir (~/.openclaw/governance), python3, and an optional MOSES_OPERATOR_SECRET. Ask the publisher to fix the manifest so requirements are explicit. - Undeclared dependency: the skill invokes ~/.openclaw/workspace/skills/moses-governance/scripts/audit_stub.py. Verify that the moses-governance bundle is trustworthy and inspect that script's code before allowing this skill to execute it. Prefer a skill that declares such dependencies or bundles the logging implementation. - Local file access & execution: the skill reads a local state.json and executes a local Python script. Confirm you control those files and back them up; check for unexpected content or injected code. - Optional secret: MOSES_OPERATOR_SECRET is marked optional and claimed 'Never transmitted' — treat that as a claim, not a guarantee. Ask how the secret is used and whether it is stored or transmitted. - Ambiguity on 'notify operator': ask the author what mechanism is used to notify the operator so you can assess privacy/telemetry concerns. What would reduce risk: corrected registry metadata, an explicit declared dependency on moses-governance (or bundled/verified audit code), and documentation showing the exact 'notify operator' mechanism and the audit_stub.py source. If those are provided and reviewed, the skill would likely be coherent and could be considered benign.