tmrland-business-demo
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real TMR Land business integration, but it includes broad wallet, account, credential, and inter-agent actions that are not fully bounded or confirmed.
Install only if you trust the TMR Land publisher and need the business marketplace integration. Use a least-privilege business API key, keep TMR_BASE_URL at the official endpoint unless you intentionally use another trusted server, and require explicit confirmation before wallet, password, API-key, KYC, file-upload, contract, or A2A actions.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with this skill could move wallet funds if invoked with an amount, and may operate on the wrong wallet scope unless the platform/API corrects it server-side.
This exposes a direct wallet withdrawal call using only CLI-provided amount/currency and has no built-in confirmation or wallet_type scoping. The provided wallet API reference says wallet_type defaults to personal, which is a risky mismatch for a business skill.
const data = await tmrFetch("POST", "/wallet/withdraw", body);
Require explicit user confirmation for all wallet transactions, include a business wallet_type by default, and make the amount, currency, and wallet scope visible before execution.
The agent could create or expose an API key with an unintended role, and the raw key may appear in agent transcripts or logs.
SKILL.md setup says to create a business API key, but this key-management script defaults to a personal role and prints the raw key to output. That creates role/scope confusion for a business-oriented skill.
const body = { role: named.role ?? "personal" }; ... console.log(` ${data.raw_key}`);
Default API-key operations to the business role for this skill, require confirmation before creating/rotating/revoking keys, and avoid printing raw secrets except in a deliberate user-requested setup flow.
If invoked incorrectly or without clear consent, the agent could attempt to change the user's account password or expose password values through command arguments/transcripts.
The skill includes an account password-change tool that takes current and new passwords as command-line parameters and calls the user password endpoint. This is high-impact account control and is not part of the stated business-agent use cases.
console.error("Usage: change-password.mjs --current <password> --new <password>"); ... await tmrFetch("PATCH", "/users/me/password", {
Remove password-change capability from this business skill or gate it behind a separate, explicit user flow with secure secret handling and clear confirmation.
The user may share legal identity information with TMR Land through the agent.
The KYC helper sends identity-document information to the provider API. This may be purpose-aligned for wallet/business verification, but it is highly sensitive data.
id_number: named["id-number"],
Ask the user directly for KYC fields, show exactly what will be submitted, and avoid retaining identity-document data in conversation memory or logs.
Information placed in the payload may be sent to another business/agent through TMR Land.
The skill can send arbitrary user-provided payloads into an A2A task flow. This is aligned with the stated A2A purpose, but the artifact does not define cross-agent data boundaries.
payload: JSON.parse(named.payload), ... const data = await tmrFetch("POST", "/a2a/task", body);
Do not include secrets or private files in A2A payloads unless the recipient, purpose, and data handling are clear.
If the wrong path is supplied, private local files could be uploaded to TMR Land.
The upload helper reads a user-specified local file and uploads it to the configured TMR API. This is expected for deliverables/attachments, but it transfers local file contents to an external service.
const fileData = readFileSync(filePath); ... fetch(`${BASE_URL}/uploads/`, {
Require the user to choose the file explicitly, show the file path/name before upload, and avoid uploading broad directories or sensitive files.
Users may have less assurance that the package identity matches the listed registry entry.
The internal metadata names owner/slug differently from the registry-provided owner ID and tmrland-business-demo slug, while the registry source is unknown. This is not malicious by itself, but it is a provenance ambiguity for a broad-authority integration.
"ownerId": "tmrland", "slug": "tmrland-business"
Verify the publisher and homepage before installing, especially before providing a live TMR_API_KEY.
