Ucp Ap2 Mandates

Advisory

Audited by Static analysis on May 13, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An implementation based on this skill could allow an agent to complete purchases without asking the user each time, depending on the mandate limits.

Why it was flagged

The skill is explicitly about delegated payment authority. This is purpose-aligned and disclosed, but it is high-impact because an implementation could let an agent complete purchases within preauthorized limits.

Skill content

AP2 ... enables **fully autonomous agent commerce** — the agent can authorize payments cryptographically without requiring real-time human approval for each transaction. The user pre-authorizes spending parameters

Recommendation

Use only with explicit spending caps, short expiration windows, merchant and PSP verification, audit logs, and clear user approval when creating or changing mandates.

What this means

The agent may rely on changing external protocol documents or tests while building an implementation.

Why it was flagged

The implementation guidance depends on live external documentation and a GitHub conformance suite. This is expected for a protocol implementation guide, but external content can change and should not be blindly trusted or executed.

Skill content

Fetch live spec: ... Fetch https://ucp.dev/2026-01-23/documentation/ucp-and-ap2/ ... Web-search `site:ap2-protocol.org` ... Check the conformance test suite: https://github.com/Universal-Commerce-Protocol/conformance

Recommendation

Verify domains and repository authenticity, pin spec versions or commit hashes where possible, and review any external test or example code before running it.