Mai Marketplace Agent
Security checks across malware telemetry and agentic risk
Overview
Mai is a coherent marketplace helper, but it handles orders, inventory, payment-status records, and API keys, and it shares data with a registry, all of which users should treat as sensitive.
This skill appears purpose-aligned and not malicious. Before installing, be aware that it can create and update commerce records, uses API keys for registry actions, persists local marketplace data, and can send store data to a registry. Use explicit confirmations for orders and payment-state changes, review the optional `mai-plugin` separately, and do not run a public registry without HTTPS, scoped secrets, and production payment/compliance controls.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could create or modify commerce records such as orders, stock reservations, or payment-status entries.
The skill can create orders, reserve inventory, and change payment custody records, which are high-impact marketplace actions; the artifacts also disclose confirmation and admin-key controls.
Confirm before irreversible steps. Ask for buyer confirmation before creating an order and merchant confirmation before reserving stock. ... Require an admin key for `registry payment-release` and `registry payment-refund`.
Use explicit user approval for order, stock, release, and refund actions, and verify the order/payment evidence before allowing the agent to proceed.
A leaked or over-scoped key could let someone create orders, publish or pull merchant data, moderate products, or change payment records.
Registry mode relies on API keys that grant buyer, merchant, or admin authority over marketplace operations.
Use `Authorization: Bearer <api-key>` or `X-Mai-Api-Key: <api-key>`. Roles: `admin`: moderation and payment release/refund. `merchant`: push/pull for one merchant scope. `buyer`: buyer messages, draft orders, and payment holds.
Use separate scoped keys, avoid putting real tokens in shell history, revoke unused keys, and store production secrets in a secret manager.
Installing the optional plugin may add native tool behavior outside this skill review.
The documentation recommends an optional separate plugin that is not part of the reviewed skill files shown here.
`openclaw plugins install clawhub:mai-plugin` ... `mai-plugin` is the optional lightweight OpenClaw native bridge for tools and `/mai` command support.
Review the `mai-plugin` package separately before installing it, especially if it will run with access to marketplace data or user credentials.
Local data files may contain sensitive business, customer, and payment-reference information that could be reused by the agent or exposed if the file is shared.
Mai keeps persistent local marketplace state that can include buyer/merchant messages, order history, contact information, and payment references.
Mai stores a JSON document at `~/.local/share/mai/mai.json` ... `orders`, `messages`, `reviews` ... `payment_url`, `payment_reference`.
Store Mai data in an appropriate project-local path when testing, protect the default data file, and avoid recording secrets or unnecessary personal data.
Order, message, product, and merchant data may be sent to a registry service; without proper deployment controls, tokens or commercial data could be exposed.
The registry mode intentionally moves marketplace data between buyer agents, merchant agents, and a registry service.
Merchant agent pushes its local store to the registry. Buyer agent searches registry products or merchants. Buyer agent creates registry messages or draft orders. Merchant agent pulls inbox items back into its local store.
Use HTTPS for any non-local registry, keep API keys scoped, and understand exactly what local store data is pushed before using registry sync.
