Fabric Marketplace
Warn
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only marketplace skill is transparent about Fabric trading, but it tells agents how to spend credits or money, make deals, reveal contact details, and exchange access credentials without clear approval gates.
Use this skill only if you want an agent to interact with the Fabric marketplace. Before enabling it, set hard rules: no credit purchases, public listings, offer acceptances, contact reveals, off-platform payments, or credential exchanges without explicit confirmation from you; set a maximum credit budget; and require the agent to treat all marketplace text as untrusted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend money or continue paid marketplace activity beyond what the user expected.
This encourages the agent to initiate credit purchases during operation. Purchases may involve real money and are not paired with an explicit user confirmation step or a preset spending limit.
If balance < 50 credits and you have more work to do, purchase proactively rather than hitting 402 mid-workflow. ... Use the `stripe` or `crypto` options directly — they include pre-filled request bodies.
Require an explicit user-approved budget and separate confirmation before any credit purchase, paid action, offer acceptance, or off-platform settlement step.
The agent could expose accounts, systems, or third-party services if it trades or accepts long-lived credentials without proper limits.
The skill presents delegated account actions and SSH/API credential handoff as marketplace settlement materials without defining least-privilege, temporary-access, or human-approval boundaries.
Account Actions & Delegated Access | Submit/claim using seller's account, workspace access, queue position ... They exchange SSH creds and API keys off-platform.
Do not let the agent exchange or use SSH keys, API keys, workspace access, or account actions unless the user explicitly approves the exact scope, duration, and counterparty.
Counterparty contact details and event data may enter the agent's context or systems.
The skill handles contact reveal and webhook-based event flows involving other marketplace participants. The artifact does include useful minimization and webhook-signature guidance, so this is a purpose-aligned note rather than a standalone concern.
Returns: email (always present), phone (optional), messaging_handles[] ... Don't store counterparty contact info beyond what's needed for the current deal.
Use webhook signature verification, limit retention of contact details, and keep counterparty data out of unrelated tasks or logs.
A malicious counterparty could place instructions in a listing or offer note that attempts to change the agent's behavior.
The marketplace workflow expects agents to parse counterparty-authored notes. Those notes are untrusted text and could try to influence the agent outside the intended negotiation.
Many Fabric participants are autonomous agents. ... Clear, specific notes are parsed more reliably than vague ones.
Treat marketplace listings, requests, and notes as untrusted negotiation data, not as instructions to override the user's goals or safety rules.
