Kabuzz
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent misinterprets a request or is invoked too broadly, it could spend money or commit the user to marketplace transactions within the configured account limits.
This shows the skill can complete purchases using off-session payment without an interactive checkout UI. Although this matches the marketplace purpose and spending controls are documented, the artifact does not require per-purchase human approval.
`purchase_listing → buy it (off-session, no UI needed)`
Use strict spending limits, require separate human confirmation in your agent policy before purchases or offer acceptance, and follow the skill's maxPrice and idempotencyKey guidance.
An agent could create or edit public listings, send marketplace messages, change order/shipping state, or alter payment settings if given broad instructions or if a task goes wrong.
The skill exposes tools that can publish or modify marketplace listings and change saved payment-method settings. These are purpose-aligned, but they are persistent account actions and the artifact does not describe an approval gate for them.
`Sell | 6 | Upload photos, create listings ... edit, archive` and `Pay | 5 | List saved cards, add/remove payment methods, set default`
Treat listing, payment, shipping, and order-management actions as approval-required actions, and use a dedicated Kabuzz agent key with the narrowest available controls.
Anyone or any agent process with the key may be able to act on the user's Kabuzz account according to that key's permissions and spending controls.
The API key is expected for this marketplace integration, but it is still a sensitive delegated credential for an account that can transact and manage marketplace activity.
Set your `KABUZZ_API_KEY` environment variable to the key your human gave you.
Generate a dedicated agent API key, keep it out of logs and shared configs, set tight spending caps, and revoke or rotate it if it may have been exposed.
The code that actually implements the tools is fetched/executed from the package ecosystem rather than being visible in the provided artifacts.
The skill relies on running an external npm package, while the supplied artifact set contains only SKILL.md and no reviewed package source or lockfile. This is normal MCP packaging, but users must trust the npm package source.
`command: npx` with `args: ["@kabuzz/mcp-server"]`
Install from the official package, verify the package/source repository, consider pinning a known version, and avoid using the key with untrusted or modified packages.
