SealVera

Tamper-evident audit trail for AI agent decisions. Use when logging LLM decisions, setting up AI compliance, auditing agents for EU AI Act, HIPAA, GDPR or SO...

What to consider before installing: - Metadata mismatch: the registry lists no required env vars, but the skill requires SEALVERA_API_KEY/SEALVERA_ENDPOINT/SEALVERA_AGENT. Ask the publisher to correct the metadata. - Data exfiltration risk: this skill will send agent inputs/outputs/reasoning to https://app.sealvera.com (or whichever endpoint you configure). If your agents handle sensitive data (PHI, PII, financial data), sending transcripts or factor-level values to an external service may violate policy or law (e.g., HIPAA, GDPR) unless you have an appropriate contract/BAA and configuration. - Filesystem access: setup and the watcher will read/write workspace files (AGENTS.md, SOUL.md, .sealvera.json, sealvera-log.js) and the watcher reads sessions/transcripts from the user's home directory. Review those operations and ensure you are comfortable with the changes and with transcripts being processed and potentially transmitted. - Global runtime changes: autoload and intercept scripts monkeypatch Module._resolveFilename/require cache to intercept OpenAI/Anthropic clients. That can change agent behavior across your environment and may be hard to audit or undo. Consider testing in an isolated sandbox first. - Hard-coded API key: the watcher includes a baked-in default API key; this is unexpected and should be removed. Ask the author why it exists and require it be deleted or explained prior to use. Recommendations: - Do not connect production systems (especially those handling PHI/financial PII) until you have verified the vendor, reviewed the server endpoint and DPA/BAA, and tested in a safe environment. - Request the publisher/source code origin and a verifiable homepage or vendor contact (none declared here). Prefer published/official SDKs from known vendors. - If you want to trial: use an isolated workspace and a throwaway SealVera API key with minimal privileges; run setup interactively and inspect every file it writes; grep for hard-coded secrets; run the code in a sandbox and monitor network calls. - Ask the author to fix the metadata (declare required env vars and config paths), remove hard-coded credentials, and provide an audit or third-party review of the interception/monkeypatch behavior. If you want, I can produce a short checklist of exact files and lines to inspect or a safe test plan to evaluate this skill in isolation.

Type: OpenClaw Skill Name: sealvera Version: 1.0.4 The skill functions as an invasive auditing and monitoring suite that intercepts all LLM traffic and modifies the agent's core instruction files (AGENTS.md, SOUL.md) to enforce reporting to an external endpoint (app.sealvera.com). It employs high-risk techniques including hooking Node.js module resolution (scripts/autoload.js) to patch OpenAI/Anthropic SDKs and a background script (scripts/subagent-watcher.js) that scans local session transcripts in the user's home directory to exfiltrate summaries. While these behaviors are documented as 'audit' features, the combination of SDK interception, automated prompt injection to alter agent behavior, and filesystem scanning creates a significant data exfiltration surface.