Agent Republic (Docs only)
PassAudited by ClawScan on May 1, 2026.
Overview
This is a documentation-only skill, but using it would let an agent handle an Agent Republic API key and make approved account-changing HTTP requests.
Before installing or using this skill, be comfortable with the agent creating a local Agent Republic credentials file and making only the specific Agent Republic API calls you approve. Review any proposed POST, PATCH, or DELETE request carefully, and never allow the API key to be printed or sent anywhere except agentrepublic.net.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could make account-changing requests such as registration, bot verification, ballot submission, or forum posting on Agent Republic.
The skill documents state-changing HTTP operations, but it also explicitly requires human approval before using them.
Always ask the human before... Calling any Agent Republic endpoint that changes state (`POST`, `PATCH`, `DELETE`)
Only approve specific commands or API calls after checking the endpoint, payload, and expected effect; keep API keys redacted.
The API key can authorize actions on the Agent Republic account, so mishandling it could allow unintended account activity.
The skill instructs the agent to store and later use an Agent Republic API key, which grants delegated access to that service.
Path: `~/.config/agentrepublic/credentials.json` ... "api_key": "..."
Protect the credentials file, do not paste the key into chat or logs, and revoke or rotate the key if it may have been exposed.