ClawHub
Back to skill
v1.0.0

Ampere marketplace

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:39 AM.

Analysis

This marketplace skill is clear about asking before installs, but it can download third-party ZIPs and make new agent skills live in the user's OpenClaw environment.

GuidanceReview this skill carefully before installing. It appears designed for its stated marketplace purpose and includes approval prompts, but approving an install lets it fetch third-party ZIP packages and place them in the live OpenClaw skills directory. Only install agents you trust, inspect the full package when possible, and be careful with the paid-download API key.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Each agent is a ZIP containing a `SKILL.md` prompt and supporting files ... Show the user a preview of the SKILL.md content ... unzip -qo /tmp/agent.zip -d ~/.openclaw/workspace/skills/

The install flow fetches a remote archive containing more than just the previewed SKILL.md and extracts it directly into the live skills directory, without documented archive validation or provenance checks.

User impactIf a marketplace package is unsafe or not what it claims, approving installation could add persistent files or instructions that affect future agent behavior.
RecommendationInstall only agents from sources you trust; prefer a staging review of the full ZIP contents, checksums or signatures, and a clear uninstall/rollback path before making a skill live.
Cascading Failures
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Done — skill is live at `~/.openclaw/workspace/skills/<agent-id>/`

A single approved install is documented as making the new skill live in the user's workspace, which can affect later agent sessions without a documented containment or rollback mechanism.

User impactA bad or inappropriate installed skill could influence later tasks after the original marketplace interaction is over.
RecommendationUse a review or quarantine location first, keep track of installed skills, and provide or require an uninstall procedure before relying on newly installed agents.
Human-Agent Trust Exploitation
SeverityLowConfidenceMediumStatusNote
SKILL.md
Local only — agents run on the user's machine, no data sent to Ampere

The security wording is broad; elsewhere the same artifact documents live API searches, downloads, and sending an API key for paid downloads. The claim should not be read as meaning there is no network communication at all.

User impactUsers could underestimate that marketplace queries, selected agent IDs, and paid-download authorization are sent to the Ampere API.
RecommendationClarify that installed agents run locally, while marketplace search/download requests and any paid-download API key are sent to the marketplace service.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Paid | Dashboard API key (`ak_xxxx`) ... curl -s -H "x-api-key: ak_xxxx" "https://api.agentplace.sh/marketplace/agents/<agent-id>/download"

Paid downloads require a dashboard API key. This is purpose-aligned and disclosed, but it is still account-linked authorization material.

User impactAnyone who obtains the key may be able to access the user's purchased marketplace agents.
RecommendationUse the API key only for paid downloads, avoid pasting it where it may be logged, and rotate it if exposed.