Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
The Agent Economy Architect
v1.3.1The Agent Economy Architect. Build, simulate, and launch a complete agent-to-agent commerce economy using a 128-tool stack and the A2A/AP2/x402 protocol suit...
⭐ 0· 106·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md repeatedly states this is an educational guide that uses a GreenHelix sandbox (no API key required to get started), yet the registry metadata marks GREENHELIX_API_KEY as the primary required credential and lists WALLET_ADDRESS, AGENT_SIGNING_KEY, and STRIPE_API_KEY as required. Requiring live payment and signing credentials does not align with a read-only, example-driven guide and is disproportionate to the claimed purpose.
Instruction Scope
The document states it does not execute code, but its content walks the user through production concerns (payment rails, agent signing, settlement) that legitimately require secrets. Because the skill metadata declares these env vars as required, a runtime agent would receive access to them even though the guide itself should not need them. This creates scope creep: the skill's runtime access to secrets is not justified by the textual guidance.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or installers are present, which minimizes disk-executed risks.
Credentials
Requires four environment variables including AGENT_SIGNING_KEY (a private cryptographic key) and STRIPE_API_KEY (a payment processor key). Asking for a private signing key and a live Stripe key in a guide is excessive. The SKILL.md even describes WALLET_ADDRESS as public and the sandbox as not requiring an API key, creating an inconsistency about why these secrets are mandatory.
Persistence & Privilege
The skill is not always-on and does not request special platform-wide persistence or modifications to other skills. Autonomous invocation is allowed (default) but not in itself a new risk here.
What to consider before installing
This guide is internally inconsistent: it says it uses a sandbox with no API key, yet the skill metadata marks several sensitive environment variables as required (including a private agent signing key and a Stripe API key). Before installing or providing secrets: 1) do not supply live private keys (AGENT_SIGNING_KEY) or production Stripe keys — use test/sandbox keys only; 2) verify the publisher and source (no homepage is provided); 3) prefer keeping credentials out of skill-scoped envs if the content is only a read-only guide; 4) ask the publisher why GREENHELIX_API_KEY is marked primary when the SKILL.md says the sandbox doesn't require a key and request a clarified manifest that only lists optional/example credentials; 5) if you must try this, create dedicated, limited-scope test credentials (sandbox API keys, Stripe test keys, and a throwaway signing key) and audit any agent runs that receive those env vars. The current mismatch between claims and required secrets is the main reason to treat this skill with caution.Like a lobster shell, security has layers — review code before you run it.
ai-agentvk97493s2qhxfg3z1ewgdec7kkd84xh87architecturevk97493s2qhxfg3z1ewgdec7kkd84xh87capstonevk97493s2qhxfg3z1ewgdec7kkd84xh87economyvk97493s2qhxfg3z1ewgdec7kkd84xh87greenhelixvk97493s2qhxfg3z1ewgdec7kkd84xh87guidevk97493s2qhxfg3z1ewgdec7kkd84xh87latestvk97493s2qhxfg3z1ewgdec7kkd84xh87marketplacevk97493s2qhxfg3z1ewgdec7kkd84xh87openclawvk97493s2qhxfg3z1ewgdec7kkd84xh87simulationvk97493s2qhxfg3z1ewgdec7kkd84xh87
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvGREENHELIX_API_KEY, WALLET_ADDRESS, AGENT_SIGNING_KEY, STRIPE_API_KEY
Primary envGREENHELIX_API_KEY