NORNR MCP Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a disclosed governance wrapper for paid or risky actions, but it uses a NORNR API key and delegates behavior to a pinned external SDK that users should review.
This appears coherent and purpose-aligned, but install it only with a dedicated least-privilege NORNR API key, review the pinned SDK dependency, and confirm that approval-required, blocked, or anomalous actions truly stop until a human operator approves them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A key with these scopes could affect financial approval flows and expose audit or event information in the NORNR workspace.
The skill asks users to provide a NORNR API key with write access to payment and approval workflows and read access to workspace/audit data. This is expected for the stated governance purpose, but it is sensitive authority.
Minimum action scope for the full skill surface: - `payments:write` - `workspace:read` - `approvals:write` - `events:read` - `audit:read`
Use a dedicated NORNR API key with only the listed minimum scopes, avoid broad admin or treasury scopes, and test in a non-production workspace first.
If configured poorly, an agent could be given the ability to approve consequential actions rather than only requesting review.
The command surface includes approving or rejecting payment intents. The artifacts frame this as operator-reviewed and purpose-aligned, but approval commands are high-impact if invoked without the intended human review.
`python nornr_governance.py approve --payment-intent-id pi_123 --comment "Approved after review"`
Ensure the approval command is only used after an explicit named-operator decision, and verify that queued or blocked states stop autonomous execution.
Most behavior is in the installed SDK rather than the small local wrapper included in the skill bundle.
The local bridge delegates the actual CLI behavior to the external `agentpay` package. The dependency is pinned in requirements.txt, but users still need to trust and review that external SDK.
from agentpay.openclaw import openclaw_cli
Review the pinned `nornr-agentpay==0.1.0` package and its provenance before enabling it in autonomous or finance-sensitive workflows.