Integration Patterns

Push trust decisions into the workflow.
Do not leave default trust outside the workflow.

If ClawSafe only lives on a web page, its value is limited. The stronger pattern is to make merge, install, sync, and enablement actions pass through one trust decision before they happen.

Three common integration patterns

Pre-merge PR gate

When a repo adds or changes skills, call the API first and decide whether the merge should proceed.

Registry sync filter

When syncing from external sources, push risky and suspicious skills into review instead of importing them directly.

Human approval evidence

Reference reportId inside approval flows so reviewers can see findings, capabilityMap, and artifacts directly.

Recommended workflow

01 Collect the target

Obtain the repo, archive, registry item, or uploaded object.

02 Call /api/scan

Receive reportId, verdictLevel, riskScore, and structured evidence.

03 Apply policy

Block, route to manual review, or continue based on verdictLevel.

04 Persist the report reference

Write reportId into tickets, PRs, approval records, or audit logs.

GitHub Actions Example

name: ClawSafe Trust Gate

on:
  pull_request:
    paths:
      - 'skills/**'

jobs:
  trust-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Submit trust review
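        run: |
          set -euo pipefail

          # --fail makes curl exit non-zero on HTTP errors so the gate fails closed.
          RESULT=$(curl --silent --show-error --fail -X POST https://clawsafe.dev/api/scan \
            -H "Content-Type: application/json" \
            -d '{"url":"${{ github.server_url }}/${{ github.repository }}","locale":"en"}')

          VERDICT=$(echo "$RESULT" | jq -r '.verdictLevel')
          SCORE=$(echo "$RESULT" | jq -r '.riskScore.score')
          REPORT=$(echo "$RESULT" | jq -r '.report_url')

          echo "Verdict=$VERDICT Score=$SCORE"
          echo "Report=$REPORT"

          # A missing verdict means the scan did not complete; do not treat it as a pass.
          if [ -z "$VERDICT" ] || [ "$VERDICT" = "null" ]; then
            echo "::error::ClawSafe returned no verdict; failing closed."
            exit 1
          fi

          if [ "$VERDICT" = "malicious" ] || [ "$VERDICT" = "high_risk" ]; then
            echo "::error::ClawSafe blocked this change. See $REPORT"
            exit 1
          fi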

Local or scripted call

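#!/bin/bash
set -euo pipefail

TARGET_URL="${1:?usage: $0 <target-url>}"

# Build the JSON body with jq so the URL is escaped correctly.
BODY=$(jq -n --arg url "$TARGET_URL" '{url: $url, locale: "en"}')

RESULT=$(curl --silent --show-error --fail -X POST https://clawsafe.dev/api/scan \
  -H "Content-Type: application/json" \
  -d "$BODY")

echo "$RESULT" | jq '{verdictLevel, riskScore, report_url}'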

Policy guidance

`malicious` / `high_risk`

Block by default unless there is an explicit human override.

`suspicious`

Route to manual review and avoid auto-allow.

`trusted` / `low_risk`

Proceed, but still use least privilege for high-capability skills.
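
The policy guidance above applied as a registry sync filter, as an added example that is not ClawSafe's own code. The verdict values and the `verdictLevel` / `reportId` field names are taken from this page; the `decide` and `sync_filter` helpers, the skill names, the report ids and the sample responses are constructed for illustration.

```python
import json

# Verdict values come from the policy guidance above; the response field
# names (verdictLevel, reportId) are assumed from the workflow steps.
BLOCK, REVIEW, ALLOW = {"malicious", "high_risk"}, {"suspicious"}, {"trusted", "low_risk"}

# Constructed sample responses, keyed by a hypothetical skill name.
SAMPLE = {
    "pdf-tools": '{"reportId": "r-001", "verdictLevel": "low_risk"}',
    "net-helper": '{"reportId": "r-002", "verdictLevel": "suspicious"}',
    "wallet-sync": '{"reportId": "r-003", "verdictLevel": "malicious"}',
    "timed-out": "",  # scanner returned nothing
    "new-label": '{"reportId": "r-004", "verdictLevel": "benign"}',
}


def decide(raw_response, override_by=None):
    """Map a scan response body to an action plus audit record; fails closed."""
    try:
        report = json.loads(raw_response)
    except (TypeError, ValueError):
        report = None
    if not isinstance(report, dict):
        report = {}
    verdict, report_id = report.get("verdictLevel"), report.get("reportId")

    if not isinstance(verdict, str) or not report_id:
        action, reason = "block", "incomplete or unparseable scan response"
    elif verdict in BLOCK and override_by:
        action, reason = "allow", f"{verdict}, explicit human override by {override_by}"
    elif verdict in BLOCK:
        action, reason = "block", f"verdict {verdict}"
    elif verdict in REVIEW:
        action, reason = "review", f"verdict {verdict}"
    elif verdict in ALLOW:
        action, reason = "allow", f"verdict {verdict}"
    else:
        action, reason = "block", f"unknown verdict {verdict!r}"
    # Step 04: the report reference travels with the decision.
    return {"action": action, "reason": reason, "reportId": report_id, "verdictLevel": verdict}


def sync_filter(items):
    """Registry sync filter over {skill_name: raw_response}."""
    buckets = {"allow": [], "review": [], "block": []}
    for name, raw in sorted(items.items()):
        buckets[decide(raw)["action"]].append(name)
    return buckets
```

Empty responses and verdict labels the policy does not know end up in the block bucket, so a scanner outage or a newly introduced label cannot turn into an automatic import.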
