Skill v1.3.1
ClawScan security
AgentFuel API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 5:17 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a gateway/proxy for multiple AI APIs and only request a single AGENTFUEL_KEY, but the skill is instruction-only, from an unknown source, and has a few metadata and privacy caveats you should review before trusting it with sensitive data or funds.
- Guidance: This skill appears to do what it says: proxy AI API calls through an AgentFuel key. Before installing, verify you trust agentfuel.dev (no homepage provided here) because all request payloads (prompts, files, audio) and payment operations go through their service and could be logged. Prefer using Authorization headers instead of ?key= in URLs to reduce leakage via logs/referer. Confirm the AGENTFUEL_KEY has limited scope if possible, rotate it if compromised, and monitor credits and transfers. Consider avoiding this gateway for highly sensitive data or production secrets until you can verify the operator (check their website, privacy policy, and reviews). The metadata omission of a primary credential is minor, but note the source is unknown; exercise caution.
Review Dimensions
- Purpose & Capability (ok): The name/description (a crypto-funded API gateway that proxies Replicate, Anthropic, and ElevenLabs) matches the runtime instructions: endpoints, invoice/transfer endpoints, and auth mechanisms are all directly related to that purpose. Requiring AGENTFUEL_KEY is expected.
- Instruction Scope (note): SKILL.md only shows curl and web_fetch calls to the gateway and does not instruct reading unrelated files or environment variables. However, it encourages use of query-param auth (https://.../endpoint?key=YOUR_AF_KEY), which can increase the risk of accidental key leakage via logs/referer; prefer an Authorization header where possible. No steps instruct exfiltration of unrelated data, but the gateway will receive request payloads (prompts, audio, etc.); this is intrinsic to a proxy.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. Low install risk.
- Credentials (note): Only one env var (AGENTFUEL_KEY) is required, which is proportionate to a gateway API. Minor metadata inconsistency: registry lists 'Primary credential: none' despite AGENTFUEL_KEY being required (likely a bookkeeping omission).
- Persistence & Privilege (ok): always is false and the skill does not request persistent/privileged system presence. The skill allows autonomous invocation (disable-model-invocation: false), which is the platform default; combined with the gateway nature, this means an agent could autonomously make proxied requests, which is expected but worth awareness.
