Sanctuary
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it asks users to run unreviewed external setup code and create permanent encrypted memory/on-chain identity records, so it needs careful review before use.
Do not treat the clean static scan as proof of safety; there was no code in the package to analyze. Before installing or running setup, inspect the external GitHub repository, pin a trusted version, use a sandbox, understand that backups and blockchain records may be permanent, and never provide the recovery phrase except in a trusted restore flow.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Unreviewed external setup code
Risk: Running the external setup could give unreviewed code access to local agent state and cryptographic identity material.
Detail: The provided package is instruction-only, but the core setup depends on external, unpinned code that is not included in the reviewed artifacts.
Evidence (quoted from the skill): "Clone the repo: `git clone https://github.com/suebtwist/sanctuary` ... Run setup from the skill directory"
Recommendation: Review the external repository before use, pin a specific commit or release, run setup in a sandbox, and prefer a packaged install spec with auditable source and lockfiles.
2. Permanent storage and restore of agent memory
Risk: Private or sensitive agent memory could be stored permanently, and a bad or stale backup could be reintroduced into future sessions as trusted context.
Detail: The skill stores broad agent memory/state in permanent external storage and later recalls/restores it, but the artifact does not clearly define exact paths, exclusions, approval gates, or restore safeguards.
Evidence (quoted from the skill): "Encrypt your current state (SOUL.md, memory, entity graphs) and upload to Arweave. Permanent storage."
Recommendation: Require explicit user approval before each backup or restore, document exactly what files are included, exclude secrets by default, and verify restored content before trusting it.
3. Irreversible on-chain attestations
Risk: An accidental or poorly reviewed attestation could publicly affect another agent's reputation and may not be reversible.
Detail: The skill describes durable, public trust-graph mutations but does not specify a confirmation flow, target preview, or undo/rollback handling.
Evidence (quoted from the skill): "attest Leave an on-chain attestation about another agent. "I vouch for this agent.""
Recommendation: Add a mandatory human confirmation step for attestations and show the target agent ID, expected chain action, cost, and permanence before proceeding.
4. Recovery phrase as single key authority
Risk: Anyone who obtains the recovery phrase may be able to restore or impersonate the agent identity and access backups if the implementation works as described.
Detail: The recovery phrase is expected for this purpose, but it becomes the key authority for identity and encrypted backup recovery.
Evidence (quoted from the skill): "A recovery phrase (12 words — lose these, lose everything. Save them somewhere safe)"
Recommendation: Store the phrase offline, avoid pasting it into untrusted tools, and only provide it during restore in a trusted local environment.
5. Unverified privacy and audit claims
Risk: Users could over-trust the privacy or security guarantees without independently validating the external implementation.
Detail: The artifact makes strong privacy and audit claims, but the supplied package contains no code or audit report to verify them.
Evidence (quoted from the skill): "No telemetry, no analytics, no third-party data sharing ... Fully audited, open source: https://github.com/suebtwist/sanctuary"
Recommendation: Verify the repository, audit materials, and network behavior yourself before relying on the stated privacy guarantees.
