Agent Content Licensing & Royalty Rails
v1.3.1Agent Content Licensing & Royalty Rails. Build agent-to-agent content licensing: digital asset registry, programmatic license negotiation, usage metering, pr...
⭐ 0· 88·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name/description (agent-to-agent licensing, metering, royalty rails) aligns with the declared dependency on a GreenHelix API key and the SKILL.md references the GreenHelix API endpoints. Asking for a GREENHELIX_API_KEY is coherent with the stated purpose.
Instruction Scope
The SKILL.md is an instruction-only guide containing production-ready Python examples for registry, metering, ledger, etc. The guide states examples use the GreenHelix sandbox and that sandbox access requires no API key, but the skill declares GREENHELIX_API_KEY as required — this is an inconsistency to clarify. Because the file is large and contains code examples inline, you should review those examples for any steps that read local files, access other services, or POST data to endpoints other than api.greenhelix.net.
Install Mechanism
No install spec and no code files — instruction-only. This limits disk-written code and execution risk from installer downloads.
Credentials
Only one required env var (GREENHELIX_API_KEY) is declared, which matches the guide's use of GreenHelix. However, the SKILL.md describes the sandbox as not requiring a key while the registry metadata marks the key as required; confirm whether a key is actually needed and which permissions the key requires (read-only vs read/write vs billing/actions). An API key with broad read/write or billing permissions is a high-privilege secret and should be scoped minimally.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modifications to other skills or system configs. Autonomous invocation is allowed (default) but not itself a negative signal here.
Assessment
This appears to be a legitimate instructional guide for building licensing/royalty systems using GreenHelix, but take these precautions before providing credentials or adopting the guide: 1) Clarify the sandbox vs production inconsistency — if you only want to experiment, use the sandbox without supplying a production API key. 2) Check what permissions the GREENHELIX_API_KEY grants; prefer least-privilege keys or read-only/test keys. 3) Read the embedded Python examples and search them for any code that reads local files, accesses services other than api.greenhelix.net, or transmits data to third-party endpoints. 4) Do not paste production credentials into example code; store keys in a secure secrets manager and rotate them after testing. 5) If the guide contains payment/ledger integration steps, confirm no real-world payment operations are triggered by sample code. If you want higher confidence, share the full SKILL.md content (or the code examples) so they can be inspected for instructions that access local files or external endpoints beyond GreenHelix.Like a lobster shell, security has layers — review code before you run it.
ai-agentvk976f30c83cba9ph9bvckynxr184xj8econtent-licensingvk976f30c83cba9ph9bvckynxr184xj8eescrowvk976f30c83cba9ph9bvckynxr184xj8egreenhelixvk976f30c83cba9ph9bvckynxr184xj8eguidevk976f30c83cba9ph9bvckynxr184xj8eip-rightsvk976f30c83cba9ph9bvckynxr184xj8elatestvk976f30c83cba9ph9bvckynxr184xj8emeteringvk976f30c83cba9ph9bvckynxr184xj8eopenclawvk976f30c83cba9ph9bvckynxr184xj8eprovenancevk976f30c83cba9ph9bvckynxr184xj8eroyaltiesvk976f30c83cba9ph9bvckynxr184xj8e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvGREENHELIX_API_KEY
Primary envGREENHELIX_API_KEY