ClawHub

Agent Loyalty & Incentives Engineering

v1.3.1

Agent Loyalty & Incentives Engineering. Build machine-readable loyalty programs, rewards APIs, and incentive protocols that AI shopping agents can discover,...

0· 105·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is a guide for building loyalty/incentive integrations with the GreenHelix gateway; requesting GREENHELIX_API_KEY (primary credential) and a WALLET_ADDRESS aligns with that purpose. Asking for a public wallet address for settlement/identity linking is plausible for this domain.
Instruction Scope
SKILL.md is an educational guide with code examples and explicitly states it does not execute code or install dependencies. The visible instructions do not direct the agent to read unrelated files, system paths, or other environment variables beyond the declared credentials.
Install Mechanism
No install spec and no code files — instruction-only — which is the lowest-risk install posture.
Credentials
Only two env vars are declared, both relevant. Minor inconsistency: the guide text says the GreenHelix sandbox requires no API key to get started, yet the registry metadata marks GREENHELIX_API_KEY as required. Also note WALLET_ADDRESS is described as a public address (no private key), which is proportionate; do not provide private keys in environment variables.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-wide privileges or modify other skills. Model invocation is enabled (normal default).
Assessment
This appears to be an instructional guide that legitimately needs a GreenHelix API key and a public wallet address for integration examples. Before installing: (1) Confirm whether the GREENHELIX_API_KEY is actually required for the sandbox examples (the guide claims the sandbox needs no API key, but metadata marks it required). (2) Never supply private keys or wallet secrets — only a public receiving address if needed. (3) Because the skill source/homepage is not provided, verify GreenHelix endpoints and token scopes yourself and prefer short-lived or least-privilege API keys for testing. (4) Treat code examples as examples — do not run them against production endpoints until you’ve tested in the sandbox and reviewed the requests they make. (5) If you want to prevent any autonomous network actions by the agent, consider disabling model invocation for this skill or only invoking it manually.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk97c7dcczyznyat80e2dn8wrhx84whd1greenhelixvk97c7dcczyznyat80e2dn8wrhx84whd1guidevk97c7dcczyznyat80e2dn8wrhx84whd1incentivesvk97c7dcczyznyat80e2dn8wrhx84whd1latestvk97c7dcczyznyat80e2dn8wrhx84whd1loyaltyvk97c7dcczyznyat80e2dn8wrhx84whd1openclawvk97c7dcczyznyat80e2dn8wrhx84whd1redemptionvk97c7dcczyznyat80e2dn8wrhx84whd1rewardsvk97c7dcczyznyat80e2dn8wrhx84whd1ucpvk97c7dcczyznyat80e2dn8wrhx84whd1uipvk97c7dcczyznyat80e2dn8wrhx84whd1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGREENHELIX_API_KEY, WALLET_ADDRESS
Primary envGREENHELIX_API_KEY

Comments