Sardis Identity
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly coherent for Sardis identity management, but it gives the agent payment-linked identity and reputation mutation authority without clear approval, scope, or rollback guidance.
Review this skill carefully before installing. It appears aligned with Sardis identity management, but use a least-privilege Sardis API key and require manual approval before creating identities, assigning payment-related capabilities, or submitting reputation ratings.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could create or alter Sardis identity and reputation records, which may affect trust or payment-related workflows.
The skill instructs use of authenticated POST endpoints that create agent identities and submit reputation feedback, but the visible artifacts do not require explicit user approval or define safe boundaries for these persistent changes.
curl -X POST https://api.sardis.sh/v2/agents/identity/register ... curl -X POST https://api.sardis.sh/v2/agents/identity/{agent_id}/reputationOnly allow these POST actions after explicit user confirmation, and define which agent IDs, capabilities, and reputation categories may be changed.
A broadly scoped API key could let the agent make high-impact account changes beyond what the user intended.
The skill requires SARDIS_API_KEY and uses it for identity and reputation operations that the artifact itself describes as payment-linked, but it does not document credential scope or least-privilege constraints.
IDENTITY-CRITICAL: Agent identities are cryptographically verified and tied to payment capabilities. Handle with care.
Use the narrowest possible Sardis API key, avoid sharing production credentials, and require confirmation before registering identities or submitting reputation.
If installation later pulls a package that was not part of this review, its behavior would not be covered by the provided static scan.
The SKILL.md metadata references an npm package, while the provided registry/install information says there is no install spec and no code files. This is not malicious by itself, but it is a provenance and review-context mismatch.
install:
npm:
- "@sardis/sdk"Verify whether @sardis/sdk is actually installed, pin and review the package version if used, and prefer the documented curl-only flow when possible.