CSFloat

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is described as query-only, but its instructions include creating CSFloat marketplace listings with an API key, which can affect a user’s account and assets.

Review carefully before installing. If you only want CSFloat lookups, do not let the agent run the create-listing command, and verify that any API key you provide is limited to the minimum permissions needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent following these instructions could create a CSFloat listing and potentially expose or sell an item when the user expected read-only data lookup.

Why it was flagged

This is a state-changing marketplace action, not just a data query, and it can create a public listing with a price.

Skill content

### Create a listing
curl -X POST "https://csfloat.com/api/v1/listings" ... -d '{"asset_id": 21078095468, "type": "buy_now", "price": 8900, "description": "Just for show", "private": false}'

Recommendation

Restrict the skill to read-only endpoints, or clearly separate write actions and require explicit user confirmation with reviewed asset ID, price, and visibility before any listing is created.

What this means

If the API key has trading or listing permissions, installing the skill gives the agent authority over actions that may affect the user’s CSFloat account and assets.

Why it was flagged

The skill requires a CSFloat API key, and the same instructions include marketplace mutation capabilities, which exceeds the query-only description.

Skill content

requires":{"bins":["jq"],"env":["CSFLOAT_API_KEY"]} ... export CSFLOAT_API_KEY="your-api-key"

Recommendation

Use the least-privileged/read-only API key if CSFloat supports one, and avoid enabling listing creation unless the skill explicitly documents the required permissions and approval flow.

What this means

Users may misunderstand what service is being accessed or assume the skill is read-only when it also documents a write action.

Why it was flagged

The query-only description conflicts with the create-listing command, and the reference to Trello appears inconsistent with CSFloat.

Skill content

description: Queries csfloat.com for data on skins ... All commands use curl to hit the Trello REST API.

Recommendation

Correct the documentation to consistently name CSFloat and clearly disclose whether the skill is read-only or can create marketplace listings.