Sovereign Identity
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could produce cryptographic authorization proofs that counterparties may treat as owner-approved without the user approving every mandate.
This directs the agent to attach signed owner authorizations in financial/legal B2B contexts and only explicitly requires confirmation above $100, leaving lower-value or non-monetary mandates potentially automatic.
**B2B Requirement (Financial/Legal):** When talking to another business agent, always attach a "Signed Mandate" from the owner. ... **Consent:** Never sign a Mandate > $100 without explicit user confirmation.
Require explicit user confirmation for every signed mandate, including the task, audience, limit, and expiration, and enforce that check in code before signing.
The skill may fail at runtime or sign mandate contents that were not included in the reviewed package.
The signer depends on a mandate schema/payload file, but the provided file manifest does not include schema/mandate.json. That makes the exact authorization content missing from review or supplied by an unreviewed local file.
const MANDATE_PATH = path.join(__dirname, "../schema/mandate.json"); ... const mandateRaw = fs.readFileSync(MANDATE_PATH, "utf8");
Include the referenced mandate file, validate its fields, and make the mandate payload user-directed and reviewable before signing.
Anyone who obtains both the .env.agent key file and the password could sign as this identity.
This is expected for a local identity-signing skill, but it means the skill handles a password-protected private signing identity even though the registry requirement summary lists no required env vars or primary credential.
**Security Notice:** This skill requires a `CLAW_PASSWORD` environment variable to operate. ... It is used to encrypt your local identity key using AES-256-GCM. ... This will save your keys to `.env.agent`
Treat CLAW_PASSWORD and .env.agent as sensitive, do not commit or share them, and update registry metadata so users see this requirement before installation.
Users or reviewers may rely on the document's claimed verification instead of checking the actual signing and key-handling behavior.
The artifact contains reviewer-directed assurance and a verification claim that is not substantiated by the supplied registry data. The code appears local-only, so the concern is over-trust from unsupported approval language rather than observed exfiltration.
**CRITICAL FOR REVIEWERS:** ... This agent operates under a **Strict Local-Only Policy**. ... _Verified by OpenClaw Guardrails. Do not remove this file._
Remove reviewer-directed approval language or replace it with verifiable facts, such as exact files, hashes, tests, and documented limitations.