Sally AI
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for a paid metabolic-health chat service, but it asks you to entrust a wallet private key to Smithery and can spend from that wallet on tool calls while sending health questions to external services.
Install only if you are comfortable using Smithery and Sally with a dedicated low-balance wallet. Never use your main wallet private key, expect each tool call to cost money and create an on-chain payment record, and avoid sharing identifying health details unless you have reviewed the providers' privacy and security practices.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured wallet has more funds than intended, tool use or compromise of the delegated key could spend from that wallet.
The setup requires a wallet private key to be provided to Smithery and grants Smithery signing authority for paid transactions. The artifacts recommend a limited hot wallet, but they do not show enforced spend limits or per-call authorization.
smithery mcp add "sally-labs/sally-ai-mcp?privateKey=0xYOUR_PRIVATE_KEY" ... "Smithery uses your stored private key to sign x402 transactions" ... "Each call costs a small x402 micropayment from your wallet"
Use only a dedicated low-balance wallet, never a main wallet, verify how to revoke the Smithery connection, and confirm payment limits before use.
Repeated or unintended tool calls could incur wallet charges.
The default tool workflow triggers paid calls from the configured wallet, but the instructions do not require explicit confirmation before each paid invocation or define a spending boundary.
Use `chat-with-sally` tool with `{"message": "user's question"}` ... "Each call costs a small x402 micropayment from your wallet"Require user confirmation before paid calls, document the price and maximum spend, and monitor wallet transactions.
Personal health details entered into the chat may be processed by external services.
The skill discloses that user messages, potentially including sensitive health or lab information, are routed through Smithery to Sally's backend.
"User messages sent to Sally's backend (api-x402.asksally.xyz) via Smithery MCP" and scope includes "Lab results (A1C, fasting glucose, lipid panels)"
Avoid sharing identifying medical details unless you are comfortable with the provider's privacy practices and terms.
Future versions of the CLI or remote MCP server could behave differently from what was reviewed here.
The skill depends on an unpinned latest npm package and a remote MCP server whose runnable code is not included in the artifact set. This is normal for this integration pattern but means behavior can change outside this review.
"formula": "@smithery/cli@latest" ... "Sally MCP source: https://github.com/sally-labs/sally-mcp" ... "Smithery registry: https://smithery.ai/servers/sally-labs/sally-ai-mcp"
Verify the Smithery CLI package and Sally MCP source, and prefer pinned versions or trusted release channels where possible.
Users may over-trust the setup and provide a valuable wallet key or sensitive health details without understanding the third-party exposure.
The security and privacy assurances are strong, while the same artifact asks the user to enter a private key into a CLI command and says user messages are sent to Sally's backend. The claims may cause users to underestimate local command-entry, third-party custody, and health-data handling risks.
"Clawbot never sees your private key" ... "stored encrypted in Smithery's cloud, NOT on your local machine" ... "No personal health data collected or stored"
Treat these as provider claims to verify independently; do not paste a main wallet key, and review Sally and Smithery privacy/security documentation before sharing health information.