← 返回 Skills 市场
efedurmaz16

Sardis Openclaw

作者 EfeDurmaz16 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
308
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install sardis-openclaw
功能描述
Enable AI agents to make secure, policy-controlled payments through Sardis Payment OS
安全使用建议
This appears to be a legitimate Sardis payment integration, but several red flags mean you should be careful before installing or letting it run autonomously: 1) Packaging/installer mismatch — the bundle includes Python source and a pyproject.toml but the SKILL.md suggests an npm SDK; clarify which runtime and installer are actually required. 2) Code present — although the SKILL.md shows only curl examples, the included Python code could read ~/.sardis/config.json or other local files; inspect the code (src/) to confirm what it accesses before trusting it. 3) Binaries mismatch — some subskills use jq in examples but the top-level metadata does not declare jq as required; ensure you have the listed tools and understand expected behavior. 4) Autonomous invocation + payments = real money risk — only enable model/autonomous invocation if the API key is scoped/revocable, limits are enforced server-side, policy enforcement is robust, and there is an approval/notification workflow. Recommended steps: review the Python source files to confirm they only call api.sardis.sh and don't phone home elsewhere; verify the GitHub repository and upstream package (sardis SDK) are the official project; use a restricted, revocable API key in a sandbox wallet for initial testing; and require manual approval or strong server-side policy checks before allowing live transactions.
功能分析
Type: OpenClaw Skill Name: sardis-openclaw Version: 1.0.0 The sardis-openclaw bundle provides a comprehensive suite of skills for AI agents to interact with the Sardis Payment OS. The package includes well-structured Python code (src/sardis_openclaw) and extensive documentation (SKILL.md files) for managing crypto payments, virtual cards, spending policies, and agent identities. The implementation uses standard libraries like httpx and FastAPI to interact with the official Sardis API (api.sardis.sh). The documentation includes strong defensive instructions for the AI agent, such as 'FAIL CLOSED on policy violations' and 'NEVER bypass approval flows.' No indicators of malicious intent, data exfiltration, or unauthorized execution were found.
能力评估
Purpose & Capability
The skill is a payments/payment-management integration and requests only the expected credentials (SARDIS_API_KEY, SARDIS_WALLET_ID) and curl. That matches the stated capabilities (payments, balances, policy enforcement). Minor mismatches: some subskills' SKILL.md examples use jq but the top-level required binaries list only curl; the package includes both Python code and a pyproject.toml (Python dependencies) while SKILL.md metadata suggests installing an npm package (@sardis/sdk). These inconsistencies don't prove malice but are unexpected for a single coherent distribution.
Instruction Scope
The runtime instructions in SKILL.md restrict network calls to the Sardis API (api.sardis.sh) and emphasize policy checks and audit logging. They do not instruct exfiltration to unrelated endpoints. However the metadata declares a config path (~/.sardis/config.json) and code files are present in the bundle (Python package) — the SKILL.md text does not explain how/when that config is read. Because the bundle contains code that could read that file or other env variables at runtime, the instruction set as-distributed is broader than the plain curl examples.
Install Mechanism
Registry metadata said 'No install spec — instruction-only', but the published package contains a pyproject.toml and multiple Python source files. Meanwhile SKILL.md metadata suggests installing an npm package (@sardis/sdk). This language/installer mismatch (Python package files vs npm install suggestion) is a packaging inconsistency that increases risk because it's unclear what will actually run or be installed. There is no explicit remote download URL or other high-risk installer, but the ambiguity about which runtime (Python vs Node) and the presence of local code makes the install/behavior surface larger than the simple curl examples.
Credentials
The skill only requires SARDIS_API_KEY (primary) and SARDIS_WALLET_ID — both are expected for payment integration. It also declares a config path (~/.sardis/config.json) which could hold additional secrets or wallet config; that is proportionate to a payment wallet integration but means the skill may access sensitive local state beyond environment variables. Also some subskill SKILL.md examples use jq (not included in top-level bins), indicating incomplete declared runtime prerequisites.
Persistence & Privilege
always is false (good). disable-model-invocation is false, so the agent may autonomously call this skill — this is normal for skills but is higher-risk for a payments-capable skill because an agent could execute transactions if given permission. There is no evidence the skill modifies other skills or global agent config, but the presence of code files raises a possibility of local behavior beyond the documented curl calls.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sardis-openclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sardis-openclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of sardis-payment skill. - Enables secure, policy-controlled payments via Sardis Payment OS. - Supports USDC/USDT/EURC transfers across multiple blockchains (Base, Polygon, Ethereum, Arbitrum, Optimism). - Features balance checking, virtual card management, and full transaction history with compliance logging. - Enforces strict spending rules and approval flows for all payments. - Provides clear error handling and setup instructions for safe API usage.
元数据
Slug sardis-openclaw
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Sardis Openclaw 是什么?

Enable AI agents to make secure, policy-controlled payments through Sardis Payment OS. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 308 次。

如何安装 Sardis Openclaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sardis-openclaw」即可一键安装,无需额外配置。

Sardis Openclaw 是免费的吗?

是的,Sardis Openclaw 完全免费(开源免费),可自由下载、安装和使用。

Sardis Openclaw 支持哪些平台?

Sardis Openclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Sardis Openclaw?

由 EfeDurmaz16(@efedurmaz16)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论