ClawHub

Moses Stamp

v1.0.0

MO§ES™ Governed Output — embeds a governance stamp into every document produced. Mode, posture, session ID, and cryptographic integrity hash stamped on outpu...

0· 35·1 current·1 all-time
byburnmydays@sunrisesillneversee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (governance stamping) align with the included script and SKILL.md. The skill only needs local filesystem access under ~/.openclaw/governance (declared in metadata). No unrelated binaries, credentials, or external services are requested.
Instruction Scope
Instructions require appending a stamp to many output types and state that enforcement is 'automatic' (default-on). The runtime instructions also reference another skill path (skills/moses-governance/scripts/init_state.py) to obtain mode/posture/role — that is a cross-skill coupling that may be missing at runtime. Aside from that, the SKILL.md and script only read/write the user's ~/.openclaw/governance state and append stamps to specified files.
Install Mechanism
No install spec; this is instruction-only with a small Python script. Nothing is downloaded or executed from remote URLs. Risk from the install mechanism is low.
Credentials
No environment variables or credentials are required. The SKILL.md mentions deactivation via 'an environment variable' but does not name it; that is an operational detail to clarify but not a security red flag. The skill only touches files under the declared stateDir.
Persistence & Privilege
always is false and the skill does not request permanent elevated privileges. It writes its own files under ~/.openclaw/governance (state.json and stamps.jsonl) which matches the declared stateDirs. It does not modify other skills' configs or system-wide settings.
Assessment
This skill appears to do what it claims: automatically append a local governance stamp to artifacts and keep a small local event log (~/.openclaw/governance/stamps.jsonl). Before installing, consider: 1) automatic stamping is default-on — confirm you want every external-facing document to be modified. 2) The stamp references a session ID and integrity hash; the script logs only hashes (not full content), but the stamp is appended to the document itself (so any stamped document will carry the stamp when shared). 3) SKILL.md references another skill's init_state.py for mode/posture; if you don't have that companion skill, stamping may require manual mode/posture inputs. 4) Deactivation is described but the environment variable name is unspecified — clarify how to disable in your agent. If you plan to use this in sensitive workflows, test in a sandbox and inspect the ~/.openclaw/governance files to confirm they meet your privacy/audit requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk973pg66svx7c52jtnd9qxy97d8408kr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪙 Clawdis

Comments