首页 / 技能 / Sardis Policy — 自然语言支出策略

📦 Sardis Policy — 自然语言支出策略

v1.0.0

用自然语言为 Sardis 代理钱包创建、编辑和管理链上支出策略,无需代码即可设定限额、白名单与多签规则。

0· 263·0 当前·0 累计
efedurmaz16 头像by @efedurmaz16 (EfeDurmaz16)
智能体自动化安全云服务
下载技能包
最后更新
2026/3/9
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
medium confidence
NULL
评估建议
Before installing, verify the source and installation behavior: 1) Confirm the official Sardis homepage (https://sardis.sh) and the npm package @sardis/sdk are legitimate and reviewed; the SKILL.md references that package but the registry shows no install spec—ask whether your platform will run npm install automatically. 2) Ensure the SARDIS_API_KEY you provide is minimally scoped (test/dev key if possible) and rotate it if you later uninstall. 3) Test the skill against a non-production/test wal...
详细分析 ▾
用途与能力
Name, description, required binaries (curl, jq) and required env var (SARDIS_API_KEY) align with making HTTP calls to a Sardis API to create/manage policies. Small inconsistencies: registry metadata reported 'No install spec' and 'Homepage: none', yet SKILL.md includes a homepage (https://sardis.sh) and an install hint (npm: @sardis/sdk). These are likely bookkeeping issues but should be clarified.
指令范围
SKILL.md only shows curl-based calls to the Sardis API and sample usage that requires wallet IDs and the SARDIS_API_KEY. There are no instructions to read local files, secrets beyond SARDIS_API_KEY, or to exfiltrate data to unrelated endpoints. The instructions are scoped to policy creation, listing, testing, and template usage.
安装机制
Registry metadata indicated 'No install spec', but SKILL.md contains an 'install' block recommending npm install of '@sardis/sdk'. Installing an npm SDK is a common, moderate-risk action if performed, but the mismatch between declared install spec and SKILL.md is an inconsistency that should be resolved so you know whether the platform will fetch/execute that package.
凭证需求
Only SARDIS_API_KEY is required and is appropriate for an API that manages spending policies. No other unrelated secrets, config paths, or broad credentials are requested.
持久化与权限
The skill is user-invocable and allowed to be invoked autonomously (disable-model-invocation: false), which is the platform default. Because actions affect agent wallets (policy creation is immutable per the doc), consider whether you want agents to call this skill autonomously. There is no 'always: true' or other elevated persistence requested.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/8

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install sardis-policy
镜像加速npx clawhub@latest install sardis-policy --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库