v1.0.1

Agent Mandate Protocol

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:28 AM.

Analysis

This is a coherent A-MAP security-protocol helper, but it uses an npm dependency and an agent private key to sign and delegate agent requests, so users should verify and scope it carefully.

Guidance: Before installing, verify the npm package and consider pinning its version. Use a dedicated, least-privilege `AMAP_PRIVATE_KEY`, keep mandates short-lived and narrowly scoped, send signed A-MAP headers only to intended services, and avoid logging secrets or full mandate chains.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install @agentmandateprotocol/core

The skill depends on an external npm package and does not pin a package version in the documented install command. This setup is disclosed and central to the skill, but users should verify provenance.

User impact: Installing the dependency gives trust to the npm package that implements the cryptographic operations.
Recommendation: Review the package source and publisher, pin a known-good version where possible, and use normal dependency-locking practices.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Your agent's Ed25519 private key in `AMAP_PRIVATE_KEY` ... privateKey:   process.env.AMAP_PRIVATE_KEY

The skill uses an environment-held private key to sign outgoing A-MAP requests. This is expected for the protocol, but it represents delegated identity and authorization authority.

User impact: If the private key or mandate scope is mishandled, outgoing requests could appear legitimately authorized by the agent.
Recommendation: Use scoped, rotatable keys and short-lived mandates; do not reuse keys across unrelated agents or grant broader permissions than needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
references/signed-request-format.md
`X-AMAP-Mandate` Base64url-encoded JSON array of DelegationTokens — the full authorization chain from the human principal down to the acting agent.

Signed inter-agent requests carry the mandate chain to downstream services. This is core to A-MAP, but it means authorization context is shared with receivers.

User impact: Services receiving signed requests may see delegation-chain information about the human principal and agent authority.
Recommendation: Send A-MAP headers only to intended trusted services, use HTTPS, minimize mandate contents, and avoid logging full mandate chains unless required.