Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Identity & Access Management: RBAC, Key Scoping, and Multi-Tenant Security for AI Agent Systems
v1.3.1
Agent Identity & Access Management: RBAC, Key Scoping, and Multi-Tenant Security for AI Agent Systems. Complete IAM architecture for multi-agent commerce: Ed...
by @mirni
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (agent IAM / RBAC / key scoping) match the SKILL.md content describing GreenHelix A2A gateway integration and high-level IAM patterns. Requiring a gateway API key is plausible for runnable examples, but this is an instruction-only guide (no code to run). Declaring required env vars for a non-executable guide is unusual and therefore noteworthy.
Instruction Scope
The SKILL.md includes examples and states 'Every class calls the GreenHelix A2A Commerce Gateway API' and describes admin operations (rotate keys, set_budget_cap, release escrow). Those example actions are high privilege. Because the skill declares it expects credentials in the environment, an agent given those env vars could be guided to perform real privileged API calls. The guide also claims the sandbox 'requires no API key' while simultaneously listing a required GREENHELIX_API_KEY—an internal contradiction.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes on-disk execution risk; nothing is downloaded or installed by the skill itself.
Credentials
The skill declares two required environment variables: GREENHELIX_API_KEY (gateway API key) and AGENT_SIGNING_KEY (an Ed25519 signing key/private material). Requiring a private signing key for a static educational guide is disproportionate. These are sensitive credentials: the API key grants read/write gateway access; the signing key is effectively a private key that could be used to impersonate agents. The SKILL.md's claim that the sandbox needs no API key conflicts with listing GREENHELIX_API_KEY as required.
Persistence & Privilege
always:false and no install means the skill does not request permanent forced inclusion. Autonomous invocation is allowed (platform default). Combined with the credential requests and high-privilege example operations, autonomy could enlarge the blast radius — but the skill by itself does not request always:true or modify other skills.
What to consider before installing
This guide appears to be genuine IAM guidance, but it inappropriately asks for sensitive credentials despite being non-executable. Before installing or providing secrets:
1) Do not supply AGENT_SIGNING_KEY (private keys) to a skill that only contains documentation — keep private keys offline or in an HSM.
2) Prefer creating a low-privilege, read-only GREENHELIX_API_KEY for testing (scoped to sandbox or limited actions) rather than a production admin key.
3) Verify why the skill declares required env vars: ask the publisher whether credentials are strictly necessary, or whether they're only used in example snippets that you can run locally.
4) Review the guide offline (download the SKILL.md and inspect examples) before handing any secrets to an agent.
5) If you must experiment, do so in an isolated tenant with disposable credentials and full audit logging enabled, and rotate any keys afterward.
Providing full admin keys or private signing keys to an agent or skill that doesn't need to run code is disproportionate and increases risk.
Like a lobster shell, security has layers — review code before you run it.
Tags: access-control, agent-identity, ai-agent, api-keys, greenhelix, guide, iam, latest, multi-tenant, openclaw, rbac, security
Runtime requirements
Env: GREENHELIX_API_KEY, AGENT_SIGNING_KEY
Primary env: GREENHELIX_API_KEY
