Sardis Escrow
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Sardis Escrow is plainly an escrow-payments skill, but it gives the agent API-key access to create, fund, and release payments without any documented approval step or spending limit.
Install only if you are comfortable giving the agent access to a Sardis API key that can affect escrow funds. Treat all create, fund, confirm-delivery, release, and dispute actions as financial transactions requiring explicit human review of the amount, token, chain, wallet IDs, and escrow ID.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or autonomously, the agent could fund or release escrow payments the user did not intend.
The skill documents API calls that can release escrowed funds. This is purpose-aligned, but the provided artifacts do not show mandatory user confirmation, spending limits, or wallet/escrow validation before executing payment-changing operations.
curl -X POST https://api.sardis.sh/v2/escrow/{escrow_id}/release ... "amount": "500.00" ... "feedback": "Excellent work, delivered ahead of schedule"
Require explicit user approval for create, fund, confirm-delivery, release, and dispute actions; display escrow ID, wallet IDs, token, chain, and amount before any transaction-changing call.
A broadly privileged API key could let the agent or anyone who obtains the key take financial actions on the user's escrow account.
The skill requires a bearer API key and uses it for escrow operations. Because those operations include funding and releasing funds, the credential is high-impact and the artifacts do not define least-privilege scopes or role separation.
- SARDIS_API_KEY ... Authorization: Bearer $SARDIS_API_KEY
Use a least-privilege API key if Sardis supports one, set spend limits, keep buyer and seller roles separate, and revoke or rotate the key after use.
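The two findings above both come down to the same missing control: nothing between the agent and the escrow API enforces an allowlist, a spend limit, or a human confirmation before a payment-changing call. The following is an added example of such a gate, written for this review; it is not code from the Sardis Escrow skill or from the @sardis/sdk package. The endpoint shape follows the curl line quoted above; the policy fields, the wallet IDs carried on the action, the request body fields, the token and chain names, the approver callback, and the separate send step are all assumptions made for the example.

```javascript
// Added example (not from the Sardis Escrow skill or @sardis/sdk): a policy
// gate an agent harness can place in front of every payment-changing escrow
// call. Policy checks run first; the human approver is only asked once the
// action is inside policy, and the API key is never visible to the agent.

const PAYMENT_CHANGING = new Set(["create", "fund", "confirm-delivery", "release", "dispute"]);

// Parse a decimal amount string ("500.00") into integer minor units so the
// limit comparison never goes through floating point.
function toMinor(amount, decimals) {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(String(amount));
  if (!m) throw new Error(`malformed amount: ${amount}`);
  const frac = (m[2] || "").padEnd(decimals, "0");
  if (frac.length > decimals) throw new Error(`too many decimals in amount: ${amount}`);
  return BigInt(m[1]) * 10n ** BigInt(decimals) + BigInt(frac);
}

// Exactly what the human approver is shown before anything is sent.
function summarize(action) {
  return [
    `action: ${action.op}`,
    `escrow: ${action.escrowId}`,
    `buyer wallet: ${action.buyerWalletId}`,
    `seller wallet: ${action.sellerWalletId}`,
    `amount: ${action.amount} ${action.token} on ${action.chain}`,
  ].join("\n");
}

// Returns { ok: true, request } only when every policy check passes and the
// approver answered literally true; otherwise { ok: false, reason }. Policy
// failures are returned, not thrown, so the agent loop reports them instead
// of retrying with a different amount.
function gateEscrowAction(action, policy, approve) {
  if (!PAYMENT_CHANGING.has(action.op)) {
    return { ok: false, reason: `unknown operation ${action.op}` };
  }
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(action.escrowId)) {
    return { ok: false, reason: "malformed escrow id" };
  }
  if (!policy.allowedEscrows.includes(action.escrowId)) {
    return { ok: false, reason: `escrow ${action.escrowId} is not allowlisted` };
  }
  for (const wallet of [action.buyerWalletId, action.sellerWalletId]) {
    if (!policy.allowedWallets.includes(wallet)) {
      return { ok: false, reason: `wallet ${wallet} is not allowlisted` };
    }
  }
  const limit = policy.limits[`${action.token}:${action.chain}`];
  if (!limit) {
    return { ok: false, reason: `no spend limit configured for ${action.token} on ${action.chain}` };
  }
  let amountMinor;
  try {
    amountMinor = toMinor(action.amount, limit.decimals);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  if (amountMinor > toMinor(limit.max, limit.decimals)) {
    return { ok: false, reason: `amount ${action.amount} exceeds limit ${limit.max} ${action.token}` };
  }
  // Mandatory human confirmation. Anything other than boolean true
  // (undefined, "yes", 1) counts as a refusal.
  if (approve(summarize(action)) !== true) {
    return { ok: false, reason: "human approval not given" };
  }
  // Only the release path appears in the reviewed SKILL.md; using the same
  // pattern for the other operations is an assumption of this example. The
  // Authorization: Bearer header is attached by the send step, not here.
  return {
    ok: true,
    request: {
      method: "POST",
      url: `https://api.sardis.sh/v2/escrow/${encodeURIComponent(action.escrowId)}/${action.op}`,
      body: { amount: action.amount, token: action.token, chain: action.chain },
    },
  };
}

// Constructed sample policy and action (IDs, token and chain are invented).
const samplePolicy = {
  allowedEscrows: ["esc_demo_1"],
  allowedWallets: ["wallet_buyer_1", "wallet_seller_1"],
  limits: { "USDC:base": { max: "1000.00", decimals: 2 } },
};
const sampleRelease = {
  op: "release",
  escrowId: "esc_demo_1",
  buyerWalletId: "wallet_buyer_1",
  sellerWalletId: "wallet_seller_1",
  amount: "500.00",
  token: "USDC",
  chain: "base",
};

// Stand-alone run: the approver here just prints the summary and approves.
const demo = gateEscrowAction(sampleRelease, samplePolicy, (summary) => {
  console.log(summary);
  return true;
});
console.log(demo.ok ? `would send ${demo.request.method} ${demo.request.url}` : `blocked: ${demo.reason}`);
```

The ordering matters: the approver is never consulted for an action that is already outside policy, so an agent cannot wear a user down with repeated prompts for an over-limit release, and the summary the approver sees is built from the same fields that go into the request, so there is nothing to approve that differs from what is sent.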
If a user or installer follows the package reference, they may install code that was not included in the reviewed artifacts.
SKILL.md references an npm package without a pinned version, while the supplied registry view says there is no install spec and no code files. This is not shown being executed, but it is a provenance detail users should verify.
install:
  npm:
    - "@sardis/sdk"
Confirm whether the SDK is actually required, verify the package source, and pin a reviewed version before installing it.
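To make the pinning check mechanical, the following added example (written for this review, not code from the Sardis Escrow skill) classifies each npm spec in an install block like the one above and flags anything that does not name an exact version. The manifest shape, the helper names, and every version number and package name other than "@sardis/sdk" are constructed for the example.

```javascript
// Added example (not from the Sardis Escrow skill): flag npm install specs
// that are not pinned to an exact version. A bare name, a dist-tag ("latest")
// or a range ("^1.2.0") resolves to whatever the registry serves at install
// time, which is the provenance gap the review describes.

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease and build metadata.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Split "name@version". Scoped names start with "@", so the separator is the
// last "@" that is not at index 0; a spec with no such "@" has no version.
function parseNpmSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function classifySpec(spec) {
  const { name, version } = parseNpmSpec(spec);
  if (version === null) {
    return { spec, name, version, pinned: false, reason: "no version given" };
  }
  if (EXACT_SEMVER.test(version)) {
    return { spec, name, version, pinned: true, reason: "exact version" };
  }
  return { spec, name, version, pinned: false, reason: `"${version}" is a range or dist-tag` };
}

// Audit the npm section of an install block. Returns per-spec findings, an
// overall verdict, and the install command for each already-pinned entry
// (--save-exact records the exact version instead of a caret range).
function auditInstall(install) {
  const findings = (install.npm || []).map(classifySpec);
  return {
    findings,
    ok: findings.every((f) => f.pinned),
    commands: findings
      .filter((f) => f.pinned)
      .map((f) => `npm install --save-exact ${f.name}@${f.version}`),
  };
}

// Constructed manifest mirroring the reviewed install block.
const reviewedInstall = { npm: ["@sardis/sdk"] };

for (const f of auditInstall(reviewedInstall).findings) {
  console.log(`${f.spec}: ${f.pinned ? "pinned" : "UNPINNED"} (${f.reason})`);
}
```

Pinning alone does not verify the package source; it only ensures that the version installed is the one that was reviewed. Checking what that version contains is still a separate step.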
Users may over-trust the escrow safety claims without independently verifying the smart contract and service behavior.
The skill makes strong security and custody claims, but the provided artifacts do not include contract addresses, audits, verification steps, or details of how custody and arbitration are enforced.
ESCROW-PROTECTED: Funds locked in smart contracts until both parties confirm. No centralized custody.
Verify Sardis, the contract addresses, custody model, fees, dispute process, and audit status before sending real funds.
