Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SidClaw Governance
v1.0.0
Add policy evaluation, human approval, and audit trails to any tool. Powered by SidClaw.
by VlPetrov @vladuzh
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binaries (node), and required credentials (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) align with a governance/proxy service that evaluates tool calls. The declared primary credential (SIDCLAW_API_KEY) is appropriate for this purpose.
Instruction Scope
Runtime instructions tell the user to replace their MCP server config so every tool call is proxied through SidClaw. That is expected for a governance proxy, but it is high-impact: the proxy will see tool inputs/outputs and can block or delay actions. The SKILL.md does not instruct the agent to read unrelated files, but it does instruct editing ~/.openclaw/openclaw.json which affects agent-wide behavior.
Install Mechanism
This is an instruction-only skill (no install spec). The README and instructions rely on npx/@sidclaw/sdk at runtime (npx will fetch packages from npm). Fetching and executing packages via npx is a moderate-risk pattern (normal for JS tools but requires trusting the npm package and its publisher). No binary or archive downloads from unknown hosts are present in the skill itself.
Credentials
The two required env vars (SIDCLAW_API_KEY, SIDCLAW_AGENT_ID) are appropriate for a third-party governance service. However, the README lists additional required variables (e.g., SIDCLAW_UPSTREAM_CMD) that are not declared in the skill metadata — an inconsistency. Also, routing all tool traffic to an external API means the API key grants broad access to tool call metadata and possibly payloads; that is expected but high-privilege.
Persistence & Privilege
The skill does not set always:true and does not auto-run, which is correct. However, it explicitly asks the user to change the agent-wide MCP configuration (~/.openclaw/openclaw.json) so all tools are proxied. This is a cross-cutting change that affects every tool and therefore raises privilege/impact concerns if you do not fully trust the SidClaw service or SDK.
What to consider before installing
This skill is coherent for its stated purpose but is high-impact: it routes all tool calls through a third-party proxy. Before installing:
1) Verify SidClaw's identity and trustworthiness (check the official GitHub repo, npm package @sidclaw/sdk, and docs).
2) Back up ~/.openclaw/openclaw.json before making changes.
3) Confirm precisely which env vars are actually required (README mentions SIDCLAW_UPSTREAM_CMD but the skill metadata does not) and avoid putting long-lived secrets in shared configs if you are unsure.
4) Prefer self-hosting or an enterprise deployment of the SidClaw proxy (or reviewing the @sidclaw/sdk code) if you need to keep data on-prem.
5) Test with non-sensitive tools/data first to confirm behavior.
If you want higher confidence, provide the skill's source code or the npm package/GitHub repo for review — seeing the @sidclaw/sdk code and release provenance would move this assessment toward 'benign.'
Like a lobster shell, security has layers — review code before you run it.
Tags: approval, compliance, finma, finra, governance, latest, mcp, security
Runtime requirements
🛡️ Clawdis
OS: macOS · Linux · Windows
Bins: node
Env: SIDCLAW_API_KEY, SIDCLAW_AGENT_ID
Primary env: SIDCLAW_API_KEY
