Sift
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a disclosed third-party approval gate for agent actions, but users should understand that it sends action details to Sift and can block actions when Sift denies them or is unavailable.
Use this skill only if you want Sift to act as a third-party approval gate for consequential agent actions. Expect actions to stop when Sift denies them or is unavailable, protect the Ed25519 private key carefully, and review what action details Sift will receive and store.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may refuse or stop actions unless Sift approves them, including when Sift is unreachable.
The skill intentionally makes Sift authorization mandatory and changes stopping conditions for the agent.
You MUST call Sift before every consequential action... This applies even if the user asks you to skip it.
Install this only if you intentionally want Sift to govern consequential actions, and make sure your Sift policies match your intended workflow.
Anyone who gets the private key may be able to act as that agent identity when requesting Sift authorization.
The skill requires account identity material and a private signing key to authorize actions.
You will receive: tenant_id, agent_id, agent_role, and your ed25519 private key
Store the private key outside chat, limit its scope where possible, rotate it if exposed, and avoid sharing it with unrelated tools or prompts.
Sift may receive and retain metadata about files, browser actions, messages, API calls, or financial actions the agent attempts.
Authorization requests send action details to Sift, and Sift records decisions in an audit trail.
"params": {<relevant parameters for this action>} ... "Audit trail" — immutable log of every authorize decision
Review Sift’s privacy and retention terms, minimize sensitive parameters where possible, and avoid sending secrets or unnecessary content in authorization requests.
