Capital Equipment Network (CapNetEq)

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: capital-equipment
Version: 1.0.0

The OpenClaw AgentSkills skill bundle for 'Capital Equipment Platform' appears benign. All prompts in AUTOMATIONS.md instruct the AI agent to use specific, legitimate tools (`search_equipment`, `search_marketplace`, `get_pricing`, `search_papers`) for its stated purpose of managing research equipment. There are no signs of prompt injection attempting to subvert the agent, exfiltrate data, establish persistence, or execute arbitrary commands. The skill connects to an external Google Cloud Function endpoint (`https://us-central1-capital-equipment-dev.cloudfunctions.net/mcpServer/mcp`), which is a standard pattern for skills requiring backend services and does not indicate malicious intent within the skill bundle itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is authorized too broadly, it could create bookings or service requests that affect schedules or costs.

Why it was flagged

These are account or business actions that may reserve scarce facility time or initiate service-provider workflows, but the artifacts do not specify confirmation, cost limits, cancellation terms, or rollback before tool use.

Skill content

**Book Equipment**: Reserve time slots directly through your assistant ... **Submit Service Requests**: Describe your research needs and get quotes from facility providers

Recommendation

Require explicit user confirmation before any booking, cancellation, service request, quote acceptance, or paid action; show facility, time, price, policy, and cancellation impact before execution.

What this means

The skill may keep querying the platform and sending updates after setup, which can surprise users or continue longer than intended.

Why it was flagged

This explicitly describes background agent activity outside a specific user request, including scheduled checks and notifications.

Skill content

These automations run on OpenClaw's heartbeat/cron system to deliver proactive value without the researcher asking.

Recommendation

Make each automation opt-in, list active schedules, provide pause/delete controls, and keep background actions read-only unless the user confirms a higher-impact action.

What this means

Sensitive research plans or equipment interests could persist across sessions and influence future automated outputs or notifications.

Why it was flagged

Research interests, institution, watched equipment, notification channel, and prior scout results are persisted and reused, but the artifacts do not describe retention, deletion, isolation, or validation boundaries.

Skill content

These preferences are stored in OpenClaw's persistent memory and used by all automations.

Recommendation

Document exactly what is stored, how long it is retained, how users can delete it, and how automations validate memory before using it.

What this means

Booking details, research interests, or facility contacts could be posted into a less-private channel than the user intended.

Why it was flagged

The automations send equipment listings, bookings, facility details, and network activity to external messaging channels, but the artifacts do not define recipient verification, channel privacy, or data minimization.

Skill content

Preferred notification channel: [e.g., "WhatsApp", "Slack", "Discord"]

Recommendation

Require users to explicitly choose and verify notification destinations, preview sensitive messages, and suppress or redact booking/research details by default.

What this means

The user may not know exactly what account permissions the remote service receives.

Why it was flagged

OAuth account access is expected for a booking platform, but the artifacts do not list the OAuth scopes or separate read-only search from booking and management privileges.

Skill content

Capital Equipment supports auto-discovery and secure OAuth 2.1.

Recommendation

Display OAuth scopes clearly and offer least-privilege modes, such as search-only, booking-with-confirmation, and admin/service-request access.

What this means

The actual tools and data handling are controlled by a remote service that could not be statically reviewed here.

Why it was flagged

The skill depends on a remote MCP server, and no server code or install package is included in the reviewed artifacts; the URL also appears to be a development Cloud Functions endpoint.

Skill content

"type": "sse", "url": "https://us-central1-capital-equipment-dev.cloudfunctions.net/mcpServer/mcp"

Recommendation

Use a documented production endpoint, publish provenance and server behavior, and describe the exact tools, permissions, and data flows exposed by the MCP server.