Threshold Keel
Review
Audited by ClawScan on May 1, 2026.
Overview
Threshold Keel appears to be a coherent safety guardrail skill, but users should notice that it can rely on an external CLI, persistent audit logs, and optional cloud sync.
This skill appears benign and purpose-aligned as a safety layer. Before installing or enabling CLI/cloud mode, make sure you trust the `threshold-keel` package, understand that Keel may log action metadata, and only configure the cloud API key if you want audit and policy data synced to Threshold Cloud.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may cause the agent to run local Keel commands and block, delay, or require approval for actions that change state.
The skill instructs the agent to run local CLI checks and use Keel as the gatekeeper for state-changing actions. This is broad tool-mediated control, but it aligns with the stated guardrail purpose.
If the `keel` CLI is available (test: run `which keel` or `where keel` at the start of each session), use it for all policy checks, WAL operations, and quarantine management.
Install and use this skill only if you want Keel to mediate agent actions; review approval prompts carefully and make sure the local Keel CLI is trusted.
Using full CLI mode depends on installing and trusting the external `threshold-keel` package.
SKILL.md references an external pip package that supplies the `keel` CLI, while the provided artifact set contains no CLI source code. This is expected for a CLI-backed skill, but users are relying on that external package.
install:
  - kind: pip
    package: threshold-keel
    bins: [keel]
Install the CLI only from a trusted package source, verify the package identity, and keep it updated through normal package-management practices.
If the API key is configured, Keel can sync policy and audit data to the associated Threshold Cloud account.
The optional API key enables cloud-backed account access for sync. This is disclosed and purpose-aligned, but it is still a credential boundary users should understand.
If `KEEL_CLOUD_API_KEY` is set in the environment, the CLI automatically syncs with Threshold Cloud.
Set `KEEL_CLOUD_API_KEY` only if you want cloud sync, and revoke or rotate it if you stop using the cloud feature.
Past approvals, policy entries, and action logs may persist and affect later agent sessions; with cloud sync enabled, this information may also be available in a web dashboard.
The skill intentionally creates persistent policy and audit context that can be reused across sessions and agents. This supports the guardrail purpose, but persistent policies and logs can influence future behavior and may contain sensitive action metadata.
Policies persist across agents and sessions. WAL events are stored in the Cloud and visible in the web dashboard.
Regularly review stored policies and audit logs, avoid putting secrets in action payloads, and use local-only mode if cloud persistence is not desired.
