Back to skill
Skillv1.0.1
ClawScan security
Umnix constitution for ai agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 5, 2026, 3:35 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, conceptual governance framework that does not request credentials, binaries, or install steps and its requirements align with its stated purpose.
- Guidance
- This skill appears coherent and low-risk: it is a conceptual governance guide that does not request credentials or install software. Before installing, verify the skill's publisher/source (the registry shows an opaque owner ID and no homepage), confirm that umnix.in is the intended external site you will use, and review the full (untruncated) SKILL.md to ensure no additional instructions were omitted. If you plan to follow its suggestions to transfer or link agent memory or identities to external services, make sure you understand the privacy/consent implications and the authentication steps required by that external platform.
Review Dimensions
- Purpose & Capability
- okThe name/description (agent constitutions and governance) match the SKILL.md content. The skill is purely conceptual and references using the Umnix web interface (umnix.in) to create and manage constitutions; it does not request unrelated credentials, binaries, or system access.
- Instruction Scope
- okThe instructions are limited to governance concepts, lifecycle guidance, and examples (mandates, permissions, prohibitions, performance, escalation, succession). They tell agents to draft and submit constitutions via the Umnix web interface; they do not instruct reading local files, scanning environment variables, or exfiltrating data. No vague 'gather whatever context you need' language that would grant broad discretion was found in the provided text.
- Install Mechanism
- okNo install specification or code files are present. This is instruction-only, so nothing is downloaded or written to disk by an installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths, which is proportional for a conceptual/educational governance framework. There are no unexplained secret requests.
- Persistence & Privilege
- okFlags show always:false and default autonomous invocation allowed; these are appropriate for a user-invocable, non-privileged instruction-only skill. The skill does not request permanent presence or attempt to modify other skills or system-wide settings.