Trusted — Risk Score 5/100
Last scan: 21 hr ago
council-v2
Multi-model council review skill that dispatches 3-5 independent AI reviewers and applies mechanical synthesis
This is a legitimate multi-model code review orchestration skill with transparent, documented behavior and no malicious indicators.
Skill Name: council-v2
Duration: 23.4s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md states 'Reads content from file or stdin' |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares bash script execution for council.sh and synthesize.py |
| Network | NONE | NONE | | No network calls found in scripts; external URLs in README are documentation onl… |
| Environment | NONE | NONE | | No environment variable access observed |
| Skill Invoke | WRITE | WRITE | ✓ Aligned | SKILL.md explicitly states 'spawns 3-5 independent AI reviewers' |
4 findings
Medium: External URL https://openrouter.ai (README.md:43)
Medium: External URL https://openrouter.ai/api/v1 (README.md:48)
Medium: External URL https://docs.openclaw.ai/concepts/models (README.md:57)
Medium: External URL http://json-schema.org/draft-07/schema# (references/schema.md:7)

File Tree

10 files · 35.0 KB · 1152 lines
Markdown 7f · 780L Python 1f · 202L Shell 2f · 170L
├─ 📁 assets
│ └─ 📝 council-v2-banner.md Markdown 9L · 349 B
├─ 📁 references
│ ├─ 📝 review-types.md Markdown 97L · 1.9 KB
│ ├─ 📝 role-prompts.md Markdown 140L · 4.4 KB
│ ├─ 📝 schema.md Markdown 149L · 3.7 KB
│ └─ 📝 synthesis-rules.md Markdown 92L · 2.7 KB
├─ 📁 scripts
│ ├─ 🔧 council.sh Shell 130L · 3.0 KB
│ ├─ 🔧 retro.sh Shell 40L · 932 B
│ └─ 🐍 synthesize.py Python 202L · 6.6 KB
├─ 📝 README.md Markdown 98L · 3.9 KB
└─ 📝 SKILL.md Markdown 195L · 7.6 KB

Security Positives

✓ Comprehensive SKILL.md with clear behavior documentation
✓ No credential harvesting or sensitive data access
✓ No obfuscation techniques (base64, eval, etc.)
✓ No remote script execution patterns (curl|bash, wget|sh)
✓ Clean subprocess usage limited to documented orchestration tasks
✓ JSON validation in synthesize.py prevents malformed input exploits
✓ No supply chain risks - Python stdlib only, no external dependencies
✓ `set -euo pipefail` in bash scripts prevents silent failures
✓ No hidden functionality - all behavior matches documentation