ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sanna Governance

v1.0.0

Sanna governance — tool calls are governed transparently

0· 80·0 current·0 all-time
by@nicallen-exd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nicallen-exd/sanna-governance.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sanna Governance" (nicallen-exd/sanna-governance) from ClawHub.
Skill page: https://clawhub.ai/nicallen-exd/sanna-governance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sanna-governance

ClawHub CLI

Package manager switcher

npx clawhub@latest install sanna-governance
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (governance, Ed25519 receipts, constitutions, enforcement) is coherent with a governance plugin, but the skill is instruction-only and declares no implementation or credentials. The SKILL.md also lists a requiresPlugin (@sanna-ai/openclaw) which is plausible, but the registry entry provides no plugin or homepage; additionally the manifest requires the 'node' binary despite no code being shipped — this mismatch is unexplained.
!
Instruction Scope
The instructions assert that a governance layer intercepts every tool call and emits Ed25519-signed receipts, but they do not specify how interception, signing, or receipt persistence are performed, nor where signing keys are stored or how human escalation is delivered. The prose gives policies and tiers but contains no operational steps; that leaves a big gap between claimed behavior and what the skill itself will do at runtime.
Install Mechanism
There is no install spec and no code files, so nothing is written to the host by the skill itself (lower risk). However, the governance functionality appears to depend on an external plugin (@sanna-ai/openclaw) which is not included or linked; this reliance is noted but not an install risk in itself.
!
Credentials
No environment variables or credentials are declared, yet the SKILL.md claims Ed25519-signed receipts — signing requires private keys or platform-managed keys. The lack of declared key material or a clear key custody model is a proportionality gap: either the platform provides keys (not documented) or the skill omitted critical requirements.
Persistence & Privilege
The skill does not request always: true, does not include code that would persist or modify other skills, and is user-invocable only. There are no declared config paths or privileges beyond normal; persistence/privilege requests appear reasonable.
What to consider before installing
This SKILL.md reads like documentation for a governance plugin rather than an implementation. Before installing or trusting it: 1) confirm that the referenced plugin (@sanna-ai/openclaw) actually exists on your platform and inspect its source/publisher and install mechanism; 2) ask who manages the Ed25519 signing keys and where receipts are stored (platform-controlled keys are safer than undisclosed env vars); 3) ask why 'node' is required when no code is included — is there an expected local helper?; 4) require a concrete description of escalation/human-approval flows and evidence the plugin enforces (not merely describes) policies. If these questions are unanswered, treat the skill as untrusted — it makes strong security claims but provides no implementation or key custody details.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode
latestvk97438zw5kmdhe59tx1540v0d584frrf
80downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@nicallen-exd
latest
Download

Sanna Governance

This system has Sanna governance enabled. A constitution defines what actions are allowed, denied, or require escalation. Governance is applied automatically to every tool call — no special tool names or prefixes are needed.

How It Works

Call tools normally. The governance layer intercepts each call and evaluates it against the constitution before execution. There are three possible outcomes:

  • Allowed — the tool executes normally
  • Blocked — the tool is denied with an explanation of which rule was violated
  • Escalated — the tool requires human approval before it can proceed

Governed Tool Tiers

TierToolsRisk Level
1exec, bash, write, edit, apply_patch, processModifies system state
2browser, message, nodesComposite tools with high-risk actions
3web_search, web_fetch, cron, gateway, sessions_send, sessions_spawnAudit trail

Tier 4 tools (read, image, canvas, sessions_list, sessions_history, session_status, memory_search, memory_get, agents_list) are not governed.

Receipts

Every governed action generates a cryptographic receipt that proves governance was applied. Receipts are generated and persisted automatically — no action is needed from the agent.

Comments

Loading comments...