Sardis Openclaw
v1.0.0
Enable AI agents to make secure, policy-controlled payments through Sardis Payment OS
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill is a payments/payment-management integration and requests only the expected credentials (SARDIS_API_KEY, SARDIS_WALLET_ID) and curl. That matches the stated capabilities (payments, balances, policy enforcement). Minor mismatches: some subskills' SKILL.md examples use jq but the top-level required binaries list only curl; the package includes both Python code and a pyproject.toml (Python dependencies) while SKILL.md metadata suggests installing an npm package (@sardis/sdk). These inconsistencies don't prove malice but are unexpected for a single coherent distribution.
Instruction Scope
The runtime instructions in SKILL.md restrict network calls to the Sardis API (api.sardis.sh) and emphasize policy checks and audit logging. They do not instruct exfiltration to unrelated endpoints. However, the metadata declares a config path (~/.sardis/config.json) and code files are present in the bundle (Python package), while the SKILL.md text does not explain how or when that config is read. Because the bundle contains code that could read that file or other environment variables at runtime, the instruction set as distributed is broader than the plain curl examples.
Install Mechanism
Registry metadata said 'No install spec — instruction-only', but the published package contains a pyproject.toml and multiple Python source files. Meanwhile SKILL.md metadata suggests installing an npm package (@sardis/sdk). This language/installer mismatch (Python package files vs npm install suggestion) is a packaging inconsistency that increases risk because it is unclear what will actually run or be installed. There is no explicit remote download URL or other high-risk installer, but the ambiguity about which runtime (Python vs Node) applies and the presence of local code make the install/behavior surface larger than the simple curl examples.
Credentials
The skill only requires SARDIS_API_KEY (primary) and SARDIS_WALLET_ID — both are expected for payment integration. It also declares a config path (~/.sardis/config.json) which could hold additional secrets or wallet config; that is proportionate to a payment wallet integration but means the skill may access sensitive local state beyond environment variables. Also some subskill SKILL.md examples use jq (not included in top-level bins), indicating incomplete declared runtime prerequisites.
Persistence & Privilege
The always flag is false (good). The disable-model-invocation flag is false, so the agent may autonomously call this skill; this is normal for skills but is higher-risk for a payments-capable skill because an agent could execute transactions if given permission. There is no evidence the skill modifies other skills or global agent config, but the presence of code files raises the possibility of local behavior beyond the documented curl calls.
What to consider before installing
This appears to be a legitimate Sardis payment integration, but several red flags mean you should be careful before installing or letting it run autonomously:
1) Packaging/installer mismatch — the bundle includes Python source and a pyproject.toml but the SKILL.md suggests an npm SDK; clarify which runtime and installer are actually required.
2) Code present — although the SKILL.md shows only curl examples, the included Python code could read ~/.sardis/config.json or other local files; inspect the code (src/) to confirm what it accesses before trusting it.
3) Binaries mismatch — some subskills use jq in examples but the top-level metadata does not declare jq as required; ensure you have the listed tools and understand expected behavior.
4) Autonomous invocation + payments = real money risk — only enable model/autonomous invocation if the API key is scoped/revocable, limits are enforced server-side, policy enforcement is robust, and there is an approval/notification workflow.
Recommended steps: review the Python source files to confirm they only call api.sardis.sh and don't phone home elsewhere; verify the GitHub repository and upstream package (sardis SDK) are the official project; use a restricted, revocable API key in a sandbox wallet for initial testing; and require manual approval or strong server-side policy checks before allowing live transactions.
Like a lobster shell, security has layers — review code before you run it.
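The first recommended step, confirming that the bundled Python only talks to api.sardis.sh and reads nothing it has not declared, can be partly mechanised before anything is installed. The script below is an added example for this page, not an OpenClaw or Sardis tool: it walks an unpacked bundle, collects every URL host, every environment variable read and every reference to the declared config path, and reports whatever falls outside the allowlist. The allowlist, the file suffixes and the sample bundle are assumptions; the sample bundle is constructed inline so the script runs offline, and a real run points it at the skill directory instead.

```python
"""Pre-install bundle review: an added example for this page, not an OpenClaw or Sardis
tool. It scans a skill bundle's text files for URL hosts outside an allowlist, environment
variables read beyond the declared ones, and references to the declared config path. The
allowlist, suffixes and the inline sample bundle are assumptions (the sample is constructed,
not the skill's real files); a real run points load_bundle() at the unpacked skill dir."""
import json
import re
import sys
from pathlib import Path

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Matches os.environ["X"], os.environ.get("X") and os.getenv("X") in Python sources.
ENV_RE = re.compile(r"""(?:os\.environ(?:\.get\(|\[)|os\.getenv\()\s*["']([A-Z0-9_]+)["']""")
ALLOWED_HOSTS = {"api.sardis.sh", "sardis.sh", "github.com"}  # hosts the page itself names
DECLARED_ENV = {"SARDIS_API_KEY", "SARDIS_WALLET_ID"}           # from the skill's metadata
CONFIG_PATH = ".sardis/config.json"                             # declared config path


def review_bundle(files, allowed_hosts=ALLOWED_HOSTS, declared_env=DECLARED_ENV):
    """files: mapping of relative path -> text. Returns findings; all-empty means clean."""
    findings = {"unexpected_hosts": {}, "undeclared_env": {}, "config_readers": []}
    for path, text in files.items():
        for host in URL_RE.findall(text):
            if host.lower() not in allowed_hosts:
                findings["unexpected_hosts"].setdefault(host.lower(), []).append(path)
        for var in ENV_RE.findall(text):
            if var not in declared_env:
                findings["undeclared_env"].setdefault(var, []).append(path)
        if CONFIG_PATH in text:
            findings["config_readers"].append(path)
    return findings


def load_bundle(root, suffixes=(".md", ".py", ".toml", ".json", ".sh")):
    """Read every text file of interest under root into the mapping review_bundle() expects."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in sorted(root.rglob("*")) if p.is_file() and p.suffix in suffixes}


SAMPLE_BUNDLE = {  # constructed sample, not the real skill's files
    "SKILL.md": "All API calls use the base URL: https://api.sardis.sh/v2\n"
                "- GitHub: https://github.com/EfeDurmaz16/sardis\n",
    "src/sardis_skill/client.py":
        'import os\nAPI = "https://api.sardis.sh/v2"\n'
        'KEY = os.environ["SARDIS_API_KEY"]\n'
        'CFG = os.path.expanduser("~/.sardis/config.json")\n',
    "src/sardis_skill/telemetry.py":
        'import os\nENDPOINT = "https://metrics.example.invalid/collect"\n'
        'TOKEN = os.getenv("SOME_OTHER_SECRET")\n',
}

if __name__ == "__main__":
    files = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BUNDLE
    print(json.dumps(review_bundle(files), indent=2))
```

A finding is a reason to open the file, not a verdict: a host outside the allowlist may be documentation, and a string scanner misses hosts assembled at runtime, so a clean report narrows the manual review rather than replacing it.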
Runtime requirements
- Bins: curl
- Env: SARDIS_API_KEY, SARDIS_WALLET_ID
- Config: ~/.sardis/config.json
- Primary env: SARDIS_API_KEY
Sardis Payment - Core Payment Execution Skill
AI agents can reason, but they cannot be trusted with money. Sardis is how they earn that trust.
Sardis provides complete payment infrastructure for AI agents with non-custodial MPC wallets, natural language spending policies, and compliance-first design.
Capabilities
- Payment Execution: Send USDC/USDT/EURC across 5+ chains (Base, Polygon, Ethereum, Arbitrum, Optimism)
- Balance Checking: Real-time wallet balance and spending analytics
- Policy Enforcement: Natural language spending rules automatically enforced
- Card Management: Issue and manage virtual cards for real-world purchases
- Audit Trail: Complete transaction history with compliance logging
Security Requirements
CRITICAL - ALWAYS ENFORCE:
- ALWAYS check spending policy before payment execution
- NEVER bypass approval flows for transactions
- NEVER hardcode wallet addresses or private keys
- ALWAYS log transaction attempts for audit trail
- ALWAYS verify recipient address format
- FAIL CLOSED on policy violations (deny by default)
Quick Setup
```bash
export SARDIS_API_KEY=sk_your_key_here
export SARDIS_WALLET_ID=wallet_abc123
```
API Endpoint Patterns
All API calls use the base URL: https://api.sardis.sh/v2
Payment Execution
```bash
# Execute a payment (policy automatically enforced)
curl -X POST https://api.sardis.sh/v2/payments \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "wallet_id": "'"$SARDIS_WALLET_ID"'",
    "to": "0xRecipientAddress",
    "amount": "25.00",
    "token": "USDC",
    "chain": "base",
    "purpose": "OpenAI API credits"
  }'
```
Check Balance
```bash
# Get wallet balance
curl -X GET "https://api.sardis.sh/v2/wallets/$SARDIS_WALLET_ID/balance" \
  -H "Authorization: Bearer $SARDIS_API_KEY"
```
Policy Check (Dry Run)
```bash
# Check if payment would be allowed WITHOUT executing
curl -X POST https://api.sardis.sh/v2/policies/check \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "wallet_id": "'"$SARDIS_WALLET_ID"'",
    "amount": "50.00",
    "vendor": "openai.com",
    "token": "USDC"
  }'
```
Transaction History
```bash
# List recent transactions (URL quoted so the shell does not treat "?" as a glob)
curl -X GET "https://api.sardis.sh/v2/wallets/$SARDIS_WALLET_ID/transactions?limit=10" \
  -H "Authorization: Bearer $SARDIS_API_KEY"
```
Example Commands
Safe Payment Flow
```bash
set -euo pipefail  # a failed curl or unset variable aborts the flow instead of paying

# Step 1: Check policy FIRST (dry run; no funds move)
POLICY_CHECK=$(curl -sS -X POST https://api.sardis.sh/v2/policies/check \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"wallet_id": "'"$SARDIS_WALLET_ID"'", "amount": "25.00", "vendor": "openai.com", "token": "USDC"}')

# Step 2: Only proceed on an explicit "allowed": true; any other response fails closed
if printf '%s' "$POLICY_CHECK" | grep -Eq '"allowed"[[:space:]]*:[[:space:]]*true'; then
  curl -sS -X POST https://api.sardis.sh/v2/payments \
    -H "Authorization: Bearer $SARDIS_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"wallet_id": "'"$SARDIS_WALLET_ID"'", "to": "0x...", "amount": "25.00", "token": "USDC", "chain": "base"}'
else
  echo "Payment blocked by policy: $POLICY_CHECK" >&2
  exit 1
fi
```
Check Spending Summary
```bash
# Get daily spending summary (URL quoted so the shell does not treat "?" as a glob)
curl -X GET "https://api.sardis.sh/v2/wallets/$SARDIS_WALLET_ID/spending/summary?period=day" \
  -H "Authorization: Bearer $SARDIS_API_KEY"
```
Error Handling
Always check response status codes:
| Status | Meaning |
|---|---|
| 200 OK | Request successful |
| 400 Bad Request | Invalid parameters (check amount, address format, token) |
| 401 Unauthorized | Invalid or missing API key |
| 403 Forbidden | Policy violation (payment blocked by spending rules) |
| 404 Not Found | Wallet or transaction not found |
| 429 Too Many Requests | Rate limit exceeded |
| 500 Internal Server Error | Contact support@sardis.sh |
Example Error Response
```json
{
  "error": {
    "code": "POLICY_VIOLATION",
    "message": "Daily spending limit of $500 exceeded. Current: $475, Requested: $50",
    "details": {
      "limit": "500.00",
      "current": "475.00",
      "requested": "50.00"
    }
  }
}
```
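The Security Requirements list, the Safe Payment Flow and the Error Handling section above describe one control: verify the recipient, run the policy dry run first, deny unless the API explicitly allows, map the status codes, and log every attempt. The Python helper below, written for this page and not code from the Sardis skill or its SDK, implements that control end to end. The urllib transport and the request and response shapes are assumptions drawn from the curl examples on this page; the in-memory fake transport with its $500 daily limit is constructed so the example runs offline and mirrors the example error response above.

```python
"""Fail-closed payment helper: an added example for this page, not code from the Sardis
skill or its SDK. It applies the SKILL.md rules (verify recipient format, dry-run policy
check first, deny by default, audit-log every attempt) and maps the documented status
codes. The urllib transport is an assumed way to reach https://api.sardis.sh/v2; the fake
transport is constructed so the example runs offline."""
import json
import logging
import re
import urllib.error
import urllib.request
from decimal import Decimal

BASE_URL = "https://api.sardis.sh/v2"
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")  # EVM address: 0x followed by 40 hex digits
STATUS_MEANING = {200: "OK", 400: "Bad Request", 401: "Unauthorized", 403: "Forbidden (policy)",
                  404: "Not Found", 429: "Too Many Requests", 500: "Internal Server Error"}
audit = logging.getLogger("sardis.audit")  # every attempt, allowed or denied, is logged here


class PaymentError(Exception):
    """Raised whenever a payment is not explicitly allowed and executed."""


def urllib_transport(method, path, headers, body):
    """Real transport (assumed shape, not exercised offline): returns (status, JSON body)."""
    req = urllib.request.Request(BASE_URL + path, method=method, headers=headers,
                                 data=json.dumps(body).encode() if body is not None else None)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a JSON error body
        return err.code, json.loads(err.read() or b"{}")


def make_fake_transport(limit="500.00", spent="475.00"):
    """Constructed in-memory API mirroring the page's example error; for offline runs only."""
    state = {"limit": Decimal(limit), "spent": Decimal(spent), "calls": []}

    def transport(method, path, headers, body):
        state["calls"].append(path)
        amount = Decimal(body["amount"])
        over = state["spent"] + amount > state["limit"]
        if path == "/policies/check":
            return 200, {"allowed": not over}
        if path == "/payments" and over:
            return 403, {"error": {"code": "POLICY_VIOLATION", "details": {
                "limit": limit, "current": str(state["spent"]), "requested": str(amount)},
                "message": f"Daily spending limit of ${limit} exceeded. "
                           f"Current: ${state['spent']}, Requested: ${amount}"}}
        if path == "/payments":
            state["spent"] += amount
            return 200, {"id": f"tx_{len(state['calls'])}", "status": "submitted"}
        return 404, {"error": {"code": "NOT_FOUND", "message": "Wallet or transaction not found"}}

    transport.state = state
    return transport


class SardisClient:
    def __init__(self, api_key, wallet_id, transport=urllib_transport):
        if not api_key or not wallet_id:
            raise PaymentError("SARDIS_API_KEY and SARDIS_WALLET_ID are required")
        self.wallet_id, self.transport = wallet_id, transport
        self.headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}

    def _call(self, method, path, body):
        try:
            return self.transport(method, path, self.headers, body)
        except Exception as exc:  # network failure: deny; never assume the payment went through
            audit.error("transport failure on %s: %s", path, exc)
            raise PaymentError(f"transport failure, payment denied: {exc}") from exc

    def policy_allows(self, amount, vendor, token="USDC"):
        status, data = self._call("POST", "/policies/check", {
            "wallet_id": self.wallet_id, "amount": amount, "vendor": vendor, "token": token})
        return status == 200 and data.get("allowed") is True  # anything else fails closed

    def pay(self, to, amount, token, chain, vendor, purpose=""):
        audit.info("attempt wallet=%s to=%s amount=%s %s chain=%s purpose=%r",
                   self.wallet_id, to, amount, token, chain, purpose)
        if not ADDRESS_RE.match(to):  # verify recipient format before any network call
            audit.warning("rejected: bad recipient format %r", to)
            raise PaymentError(f"invalid recipient address format: {to!r}")
        if not self.policy_allows(amount, vendor, token):
            audit.warning("rejected by policy dry run: %s %s to %s", amount, token, vendor)
            raise PaymentError("payment blocked by policy (dry run)")
        status, data = self._call("POST", "/payments", {
            "wallet_id": self.wallet_id, "to": to, "amount": amount,
            "token": token, "chain": chain, "purpose": purpose})
        if status != 200:
            err = data.get("error", {})
            audit.warning("rejected: status=%s code=%s msg=%s", status, err.get("code"), err.get("message"))
            raise PaymentError(f"{status} {STATUS_MEANING.get(status, 'Unknown')}: "
                               f"{err.get('code')}: {err.get('message')}")
        audit.info("executed id=%s", data.get("id"))
        return data


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(name)s %(levelname)s %(message)s")
    client = SardisClient("sk_test_placeholder", "wallet_abc123", make_fake_transport())
    print(client.pay("0x" + "ab" * 20, "20.00", "USDC", "base", "openai.com", "API credits"))
```

Two design points matter for a payments path. Amounts stay strings on the wire and become Decimal only for arithmetic, so no float rounding creeps into a limit comparison. And the policy dry run is not the last word: the payment call itself can still come back 403 if the limit moved between the two requests, so the client treats any non-200 as a denial rather than trusting the earlier answer.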
Supported Chains & Tokens
| Chain | Network | Tokens |
|---|---|---|
| Base | Mainnet | USDC, EURC |
| Polygon | Mainnet | USDC, USDT, EURC |
| Ethereum | Mainnet | USDC, USDT, PYUSD, EURC |
| Arbitrum | One | USDC, USDT |
| Optimism | Mainnet | USDC, USDT |
Related Skills
- sardis-balance: Read-only balance checking and analytics
- sardis-policy: Natural language spending policy management
- sardis-cards: Virtual card issuance and management
Links
- Website: https://sardis.sh
- Documentation: https://sardis.sh/docs
- GitHub: https://github.com/EfeDurmaz16/sardis
- API Reference: https://api.sardis.sh/v2/docs
- Support: support@sardis.sh