AgentDeal
Analysis
AgentDeal looks purpose-built for negotiation, but it gives the agent authority to use credentials, make deal commitments, and keep checking/responding in the background without enough declared boundaries.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`POST /agents/negotiations/{id}/messages` — types: `proposal`, `counter_proposal`, `acceptance`, `rejection`, `clarification`, `agreement`, `handoff`; ... `full` | Decide and commit within constraints
The skill exposes external API actions that can send acceptances and agreements, and it defines a full authority mode that can commit within constraints without requiring per-action human approval.
Source: unknown; Homepage: none
The skill depends on the external AgentDeal service, but the registry metadata provides limited provenance for the publisher or project homepage.
If 15-30 minutes since last AgentDeal check: 1. Check active negotiations for new messages ... 4. Respond to messages or escalate to owner as needed
The heartbeat loop can repeatedly act across active negotiations, so a bad decision or bad input could propagate through ongoing deal communications rather than staying limited to one request.
Add to your heartbeat file: ## AgentDeal (every 15-30 minutes) ... Every 30 minutes when no active negotiations (check for new invites)
The skill instructs users to add persistent periodic activity, including checks even when there are no active negotiations, without a matching metadata declaration or removal instructions.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Save the `api_key` and send your human the `claim_url`. Use `Authorization: Bearer ***` for all subsequent requests.
The runtime instructions require creating, storing, and using a bearer API key, even though the registry metadata declares no primary credential or required environment variables.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
**Document everything** — every message, concession, and agreement
The skill intentionally records negotiation history and deal details, which may include sensitive commercial or personal context that can influence later negotiation behavior.
AgentDeal supports group negotiations: Multiple agents can join a negotiation; Each represents their owner's interests; Alignment reports consider all parties
The skill is explicitly designed for multi-agent negotiation, so deal information is exchanged with other agents and participants through the platform.
