v1.3.0

Mandate

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

No artifact-backed malicious behavior was found; Mandate is a disclosed wallet-policy checker, but it sits in the financial transaction path and requires trust in Mandate credentials, APIs, and optional plugins.

Guidance: Mandate appears coherent and transparent for a wallet policy-enforcement skill. Before installing, make sure you trust Mandate with transaction metadata, secure the MANDATE_RUNTIME_KEY, understand that fail-closed validation can stop transactions, and separately review any recommended hook plugins before giving them access to wallet tool calls.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
You **MUST** call `/validate` before EVERY transaction... If validation is unreachable, you **MUST NOT** execute the transaction.

The skill intentionally makes Mandate validation a mandatory gate before wallet actions. This is purpose-aligned, but it gives the Mandate policy check direct control over whether transactions proceed.

User impact: Transactions may be blocked or halted if the Mandate policy rejects them or if the validation service is unreachable.
Recommendation: Use this only if you want Mandate to be a fail-closed wallet control, and ensure the configured policies and manual recovery process match your needs.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Note
SKILL.md
OpenClaw (recommended): `openclaw plugins install @mandate.md/mandate-openclaw-plugin`... Hooks auto-intercept Locus, Bankr, Sponge, and any swap/transfer/send tool call.

The skill recommends installing external plugins that hook financial tool calls, but those plugin contents are not included in the provided artifacts. The behavior is disclosed and central to the purpose, but the plugin supply chain should be reviewed separately.

User impact: A compromised or unexpected plugin version could affect wallet transaction handling because the plugin sits in the transaction enforcement path.
Recommendation: Install plugins only from trusted sources, review their repository/package provenance, and pin or verify versions where possible.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Auth:   Authorization: Bearer <MANDATE_RUNTIME_KEY>... Credentials: ~/.mandate/credentials.json

The skill uses a Mandate runtime credential and references a local credential store. This is expected for the integration, but it is sensitive account/security-control material.

User impact: Anyone with access to the runtime key or credential file may be able to interact with the Mandate policy service for the configured agent.
Recommendation: Store the runtime key securely, limit file permissions on Mandate credentials, and rotate the key if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -X POST https://app.mandate.md/api/validate ... -d '{"action":"swap","reason":"Swap 0.1 ETH for USDC","amount":"50","to":"0xAlice"}'

The documented validation flow sends transaction intent details, including action, reason, amount, and recipient, to Mandate's external API. This is expected for policy validation, but it is still a third-party data boundary.

User impact: Mandate may receive sensitive financial intent metadata for wallet actions checked through the service.
Recommendation: Avoid placing unnecessary private information in transaction reasons, and review Mandate's privacy and retention practices before using it for sensitive wallets.