Sardis Guardrails

Warn

Audited by ClawScan on May 18, 2026.

Overview

The skill matches its Sardis wallet-guardrail purpose, but it gives an agent API-key-backed commands that can halt or resume all wallet transactions without an explicit confirmation boundary.

Install only if you need Sardis wallet emergency controls. Use a scoped Sardis API key, verify the exact wallet ID before use, and require human confirmation before any kill-switch activation or deactivation. Also check whether the referenced @sardis/sdk dependency is actually needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly or too broadly, an agent could stop wallet transactions or resume them before the user has approved that action.

Why it was flagged

The skill explicitly supports wallet-wide transaction halts, and the visible instructions provide direct API commands for activation/deactivation without an explicit confirmation gate or scoped safety policy.

Skill content

CRITICAL CONTROLS: This skill can activate emergency stops that halt all wallet transactions. Use with caution.

Recommendation

Require an explicit user confirmation step before any activate/deactivate call, require the exact wallet ID and reason to be restated, and default to read-only status/alert checks unless the user directly asks for a state change.

What this means

Anyone or any agent process with this key may be able to view guardrail information and perform wallet control actions allowed by the key.

Why it was flagged

The skill requires a Sardis API key and uses it as a bearer token for the Sardis guardrails API. That is expected for this service, but it is privileged because the API calls can affect wallet operation.

Skill content

    requires:
      env:
        - SARDIS_API_KEY
    ...
    Authorization: Bearer $SARDIS_API_KEY

Recommendation

Use a dedicated least-privilege Sardis key limited to the intended wallet and guardrail operations, avoid exposing it in prompts/logs, and rotate it if it may have been shared.

What this means

If an installer honors this metadata, it may pull an external package that was not otherwise represented in the reviewed file set.

Why it was flagged

The skill frontmatter references an npm dependency without a pinned version, while the registry context says there is no install spec and no code files. This is not inherently unsafe, but it is an install/provenance ambiguity.

Skill content

    install:
      npm:
        - "@sardis/sdk"

Recommendation

Clarify whether @sardis/sdk is actually required, pin a reviewed version if it is needed, or remove the install entry for a purely instruction-only skill.