tmrland-personal-demo
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This looks like a real TMR Land marketplace helper, but it can perform high-impact wallet, escrow, KYC, and marketplace actions with your API key and has inconsistent package identity metadata.
Before installing, verify that this is the official TMR Land package and that you trust the publisher. Use a limited personal API key if possible, keep TMR_BASE_URL pointed at the verified TMR Land endpoint, and require manual confirmation before any payment, withdrawal, escrow release, KYC submission, public review, dispute, publish, or deletion action.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent runs the wrong command or uses the wrong order ID or amount, it could spend wallet funds, release escrow, or make lasting account changes.
Invoking this script immediately pays an order through the authenticated API. Similar included scripts withdraw wallet funds, accept delivery/release escrow, publish/delete intentions, and submit reviews, but the artifacts do not show confirmation prompts or approval guardrails.
const data = await tmrFetch("POST", `/orders/${positional[0]}/pay`, { currency });Require explicit user confirmation before payment, withdrawal, escrow release, KYC submission, reviews, disputes, publishing, or deletion; add dry-run/confirmation checks and validate IDs, amounts, and currencies.
Anyone or any agent process with access to this key can act as the user within the key's TMR Land permissions.
All scripts use the same TMR_API_KEY bearer credential for authenticated API calls, including wallet, orders, messages, KYC, and marketplace mutation endpoints.
const API_KEY = (process.env.TMR_API_KEY ?? "").trim(); ... "Authorization": `Bearer ${API_KEY}`Use a least-privilege personal API key if the service supports scopes, store it securely, avoid sharing logs, and rotate the key if you suspect misuse.
A user may not be able to easily verify whether this package is the official TMR Land skill or a repackaged/demo variant.
This does not match the supplied registry identity for the evaluated skill, which is tmrland-personal-demo version 1.0.5 with an unknown source. The mismatch is a provenance concern because the skill requests a real API key and can perform financial/account actions.
"ownerId": "tmrland", "slug": "tmrland-personal", "version": "1.6.0"
Install only if you can verify the publisher and homepage, and prefer an official, consistently named package for any skill that handles funds or identity data.
If TMR_BASE_URL is misconfigured or set to an untrusted endpoint, the API key and request data could be sent to the wrong service.
All authenticated API traffic, including wallet, message, order, and KYC data, is sent to the configured BASE_URL. The default is TMR Land, but the environment variable can redirect the data boundary.
const BASE_URL = (process.env.TMR_BASE_URL ?? "https://tmrland.com/api/v1").replace(/\/$/, "");
Leave TMR_BASE_URL at the default unless you intentionally use a verified TMR Land endpoint; do not point it at untrusted servers.
A malicious marketplace message could try to persuade the agent to take actions outside the user's intent.
Marketplace counterpart messages are printed into the agent's context. Those messages are expected for the skill, but they are remote user content and could contain instructions aimed at the agent.
console.log(`[${role}] ${m.content}`);Treat marketplace messages as untrusted content and do not let them override the user's instructions or trigger payments, withdrawals, escrow release, or other high-impact actions without confirmation.