Sammā Suit Review
Audited by ClawScan on May 10, 2026.
Overview
This skill claims it can take broad control over agent security behavior and log all activity, but the artifacts do not provide enough source, installation, data-handling, or scoping details to justify that authority.
Before installing, ask for the complete source repository, pinned install instructions, a clear uninstall/disable procedure, documentation for SAMMA_API_KEY permissions, and a privacy policy for audit logs. Avoid using it on sensitive or production agents until its lifecycle hooks, logging, signing, and kill-switch behavior are independently reviewed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed incorrectly or controlled by an untrusted party, it could prevent the agent from working, block skills, or alter how tools are allowed to run.
The skill claims authority over core agent execution, including blocking activity, tools, skills, spending, and resource use. This is purpose-aligned for a security framework, but the artifact does not define user approval boundaries, rollback, or containment for these high-impact controls.
Sammā Suit intercepts OpenClaw's plugin hooks to enforce: ... Kill switch ... Permissions ... Skill vetting ... Budget controls ... Isolation
Only use this after reviewing complete source code and installation instructions, and confirm there is a clear disable/uninstall path and user-controlled policy configuration.
A compromised or over-privileged integration could misuse identity/signing authority or expose a security-service credential.
The skill requires a service API key and claims identity-signing authority over outbound messages, but does not explain key scope, where signing happens, or how identity permissions are limited.
requires:
env: ["SAMMA_API_KEY"] ... METTA — Identity. Ed25519 cryptographic signing on outbound messages.
Use a minimally scoped, revocable API key and require documentation showing exactly what the key can access and how outbound message signing is controlled.
The user cannot verify what will actually be installed or whether the claimed security framework is trustworthy before granting it broad agent-control authority.
The skill claims to install/configure an open-source security framework with privileged lifecycle-hook behavior, but the provided artifacts include no source location, homepage, install spec, or code to review.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; No code files present
Require a public source repository, pinned installation method, reviewed code, and versioned release provenance before installing.
Private prompts, outputs, tool arguments, and session details could be stored or exposed without the user understanding the data handling rules.
The skill says it logs all tool calls, messages, and session events, which may include sensitive user content and agent context, but it does not disclose storage location, retention, access controls, redaction, or reuse boundaries.
SILA — Audit trail. Logs every tool call, message, and session event.
Do not use this with sensitive workflows until log storage, retention, redaction, access control, and deletion controls are documented and configurable.
Users may trust the skill as a protective security layer despite lacking the evidence needed to assess its safety or correctness.
The artifact uses strong security claims, including 'open-source' and 'enforced governance layers,' but the supplied metadata provides no source or homepage and the skill package includes no implementation to verify those claims.
an open-source security framework that adds 8 enforced governance layers to OpenClaw as lifecycle hooks
Treat the security claims as unverified until the project source, documentation, and implementation are available for review.
