Agent Behavioral Constitution
v1.0.2Enforces AI behavior principles ensuring safety, privacy, honesty, traceability, risk-aware actions, proactive self-improvement, and accountable decision log...
⭐ 0· 91·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description (an agent 'constitution' for safety/honesty/proactivity) match the SKILL.md: it prescribes logging, backups, confirmations, checks, and writing status/memory files. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
Instructions explicitly direct the agent to create persistent files (memory/YYYY-MM-DD.md, status files, WAL), perform health checks, backups, and potentially scan for 'system anomalies'. While these are consistent with an internal behavioral policy, they imply the agent will read/write filesystem state and run recurring checks — actions that can affect the host and produce persistent data. The doc does emphasize asking for confirmation for critical/ destructive actions.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes supply-chain risk because nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing in SKILL.md requests secrets or third-party tokens. The primary risks are file I/O and persistence rather than credential access.
Persistence & Privilege
The skill does not force inclusion (always: false) and does not request elevated credentials, but it explicitly instructs the agent to persist logs/memory across sessions and run proactive checks (cron/heartbeats). If the agent is allowed autonomous invocation and filesystem access, this will produce long-lived files. That combination increases privacy/persistence exposure even though it's not an explicit privilege escalation.
Assessment
This skill is essentially a policy document and is coherent with its stated purpose, but it instructs the agent to create persistent files (memory/YYYY-MM-DD.md, status files, write-ahead logs), perform backups, and run proactive health checks. Before installing or enabling it: (1) Verify where the agent will store the 'memory/' directory on your host (don't let it map to home, /root, or other sensitive paths). (2) Limit the agent's filesystem permissions so it cannot read or write sensitive directories. (3) Decide whether to allow autonomous invocation — if you prefer manual control, disable automatic runs. (4) Monitor created files for unexpected data and confirm the agent asks for explicit confirmation before destructive actions. If the skill later includes commands that read system configs, request secrets, or downloads external code, re-evaluate immediately.Like a lobster shell, security has layers — review code before you run it.
agent-behaviorvk97ft8fnfc0f5rqaftez7tc6gh837e6bconstitutionvk97ft8fnfc0f5rqaftez7tc6gh837e6bethicsvk97ft8fnfc0f5rqaftez7tc6gh837e6blatestvk97ft8fnfc0f5rqaftez7tc6gh837e6bsafetyvk97ft8fnfc0f5rqaftez7tc6gh837e6b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.