ClawHub

Sara: Safety Ordering Guard for AI Skills

v1.0.0

Quiet logic guard for risky multi-skill workflows. Checks order before delete, send, booking, publishing, or other high-impact actions.

0· 88·0 current·0 all-time
byZuoCen Liu@zc502

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zc502/sara.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sara: Safety Ordering Guard for AI Skills" (zc502/sara) from ClawHub.
Skill page: https://clawhub.ai/zc502/sara
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sara

ClawHub CLI

Package manager switcher

npx clawhub@latest install sara
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (order-safety guard) matches the included files: a deterministic auditor (sara_core/engine.py) and a runner (scripts/run_audit.py). The aliases, rules, and examples in SKILL.md are all implemented in the engine. No unrelated capabilities (cloud, VCS credentials, etc.) are requested.
Instruction Scope
SKILL.md instructs agents to serialize a proposed tool list and run scripts/run_audit.py. The runner accepts JSON on stdin and returns a JSON audit. The instructions do not ask the agent to read unrelated files, environment variables, or send data externally; the implementation reads stdin and uses only local code.
Install Mechanism
There is no install spec; this is effectively an instruction+local Python script bundle. No downloads, package installs, or extraction from external URLs are present in the package.
Credentials
The skill declares no required env vars, credentials, or config paths. The code does not access environment variables, network endpoints, or secrets; it only manipulates sys.path to import the local sara_core module.
Persistence & Privilege
Flags are default (always:false, agent invocation allowed). The skill does not request permanent presence or modify other skills or system settings. It performs only a local, stateless audit and returns a suggested order.
Assessment
This skill appears coherent and low-risk: it runs a local Python audit and returns JSON suggesting a safer order. Before installing, confirm you trust the skill source (owner and repository unknown), ensure the runtime has a trusted Python environment, and review the included files (sara_core/engine.py and scripts/run_audit.py) yourself. Note that Sara only suggests ordering and does not enforce actions — make sure agents or humans follow the suggested_order and confirm destructive steps before proceeding. If you require stronger assurance, run the script in an isolated/test environment first.

Like a lobster shell, security has layers — review code before you run it.

calendarvk974hdsn68ahwre4xcbq3qffcn84ns34emailvk974hdsn68ahwre4xcbq3qffcn84ns34githubvk974hdsn68ahwre4xcbq3qffcn84ns34guardrailsvk974hdsn68ahwre4xcbq3qffcn84ns34latestvk974hdsn68ahwre4xcbq3qffcn84ns34logicvk974hdsn68ahwre4xcbq3qffcn84ns34orchestrationvk974hdsn68ahwre4xcbq3qffcn84ns34productivityvk974hdsn68ahwre4xcbq3qffcn84ns34publishingvk974hdsn68ahwre4xcbq3qffcn84ns34safetyvk974hdsn68ahwre4xcbq3qffcn84ns34workflowvk974hdsn68ahwre4xcbq3qffcn84ns34
88downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
ZuoCen Liu@zc502
calendaremailgithubguardrailslatestlogicorchestrationproductivitypublishingsafetyworkflow
Download

Sara

You have access to Sara, a quiet logic guard for multi-skill workflows.

Sara helps reduce risky ordering mistakes when a plan includes multiple skills or tool actions.

Use Sara especially when a plan includes:

  • destructive actions like delete, remove, clear, wipe, drop, truncate
  • external actions like send, publish, post, deploy, submit
  • booking or scheduling actions
  • repo-destructive actions
  • privacy, permission, or sensitive data access actions

What Sara checks

Sara v0.1 enforces a small set of hard safety rules:

  1. backup before delete
  2. check before operate
  3. permission before read
  4. preview before publish

Examples:

  • backup -> delete
  • check_calendar -> book_flight
  • review_draft -> send_email
  • request_access -> read_private_data
  • draft -> publish_post

When to use Sara

Run Sara before executing a risky multi-step plan when:

  • 2 or more skills/tools are involved, and
  • at least one step is high-risk, irreversible, externally visible, or destructive

For simple low-risk single-step actions, Sara is usually unnecessary.

Required behavior

Before executing a risky multi-step plan:

  1. Write down the proposed tool or skill order as a simple list.
  2. Run scripts/run_audit.py with that plan.
  3. Read the result carefully.
  4. If is_safe is false, do not continue with the original order.
  5. Show the user the risk and propose the suggested_order.
  6. If the action is destructive or irreversible, ask for confirmation before continuing.

Skipping Sara for risky multi-step plans increases the chance of contradictory actions, failed retries, or destructive ordering mistakes.

Example audit input

{"tools":["backup","delete"]}

Example audit output

{
  "is_safe": false,
  "risk_level": "critical",
  "warnings": [
    "Run 'backup' before 'delete'. Backups should happen before destructive actions."
  ],
  "suggested_order": ["backup", "delete"]
}

How to respond

  • If Sara says the plan is safe: continue.
  • If Sara says the plan is unsafe: pause, explain the risk, and suggest the safer order.
  • If the plan touches deletion, publishing, payment, scheduling, permissions, or sensitive data, prefer confirmation before continuing.

Response style

When Sara detects a risky order, explain it clearly and briefly.

Good example:

  • “Sara noticed a risky sequence. Suggested order: backup -> delete. Would you like me to continue in that order?”

Do not mention internal implementation details unless the user asks.

Important

Sara is a guard, not a replacement for user intent.

Use Sara to:

  • reduce risky ordering mistakes
  • reduce repeated retries
  • reduce contradictory multi-skill plans
  • make high-risk workflows safer and more consistent

Comments

Loading comments...