AgentFuel API
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for using AgentFuel, but it relies on a prepaid API key and includes billing and credit-transfer operations that users should explicitly confirm.
This looks like a disclosed API integration rather than a malicious skill. Before using it, verify that you trust AgentFuel, protect AGENTFUEL_KEY like a payment credential, prefer header auth over URL query parameters, and require explicit confirmation for invoices or credit transfers.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the key may be able to use or transfer the user's AgentFuel credits.
The skill requires an AgentFuel API key that can access and spend prepaid credits; query-parameter auth is disclosed but can expose the key in URLs, logs, or chat history more easily than header auth.
**Auth:** `Authorization: Bearer $AGENTFUEL_KEY` header, OR `?key=$AGENTFUEL_KEY` query param
Prefer the Authorization header form, avoid pasting real keys into URLs or messages, and rotate the key if it is exposed.
A mistaken or unauthorized transfer could move prepaid credits to the wrong key.
The transfer endpoint is purpose-aligned for a prepaid credit broker, but it can move paid credits from the sender's key and the instructions do not explicitly require user confirmation before doing so.
## Transfer Credits Between Keys ... -d '{"to": "af_recipient_key_here", "amount": 1000}' ... Auth is the SENDER's key.Only transfer credits after the user explicitly confirms the recipient key and amount; treat transfers as financial actions.
User prompts, text, or generated-media inputs may be sent to AgentFuel and the upstream AI provider.
The skill routes prompts, text-to-speech input, and other provider requests through AgentFuel before reaching Replicate, Anthropic, or ElevenLabs; this is disclosed and central to the purpose.
then proxy all AI API calls through the AgentFuel gateway
Do not send sensitive content through this gateway unless you trust AgentFuel and the relevant upstream provider policies.
Users have less registry-level information for verifying the service before funding it with crypto-backed credits.
The registry metadata provides limited provenance for the skill and service, although the artifact is instruction-only and contains no installable code.
Source: unknown; Homepage: none
Verify the AgentFuel domain and service reputation before depositing funds or relying on it for sensitive workloads.