Danube Tools Marketplace
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is a broad tool-marketplace connector: it discloses its API-key access, but it can let your agent execute many changing tools and modify skills/workflows with limited built-in approval boundaries.
Install only if you are comfortable giving Danube and your agent broad delegated ability to discover and run marketplace tools. Before using it, review connected credentials, prefer least-privilege access, and require explicit confirmation for destructive, public, financial, or bulk actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to powerful services, the agent could take real actions such as posting, changing records, or triggering workflows without a clearly documented approval boundary.
The skill exposes broad, dynamic tool execution and concurrent batch execution, but the artifacts do not define per-action confirmation, allowlisting, or safeguards for high-impact tools.
`execute_tool(tool_id, parameters)` — Run any tool by its ID ... `batch_execute_tools(calls)` — Run multiple tools concurrently in a single request (up to 10).
Use only with explicit user confirmation for impactful actions, restrict connected services where possible, and avoid enabling credentials for accounts you do not want the agent to operate.
Compromise or misuse of this one key could allow broad actions in the connected Danube account, including modifying or deleting skills/workflows.
A single credential grants broad execution plus write/delete authority over user-scoped Danube resources; the artifacts do not describe narrower token scopes or per-tool permission boundaries.
The `DANUBE_API_KEY` grants: ... **Execute**: Run tools and workflows ... **Write (user-scoped only)**: Create/update/delete your own skills and workflows
Use the least-privileged key available, rotate the key if exposed, and confirm whether Danube supports narrower scopes or separate keys for read-only versus write/execute access.
Tool requests, parameters, and results may pass through Danube’s MCP service rather than staying local.
The agent communicates with an external MCP server using an API key; this is expected for the integration, but it creates a sensitive provider communication boundary.
"url": "https://mcp.danubeai.com/mcp", "headers": { "danube-api-key": "YOUR_API_KEY" }
Review Danube’s privacy policy and avoid sending secrets or sensitive business data through tools unless you trust the provider and need that operation.
Sensitive inputs or outputs used in tool calls may be stored in Danube’s audit logs.
The skill discloses that executions are logged, including parameters and results, which may contain sensitive user or account data.
**Audit trail**: All tool executions are logged with timestamps, parameters, and results for user review.
Check log retention and deletion controls before using the skill with confidential data.
One bad request could trigger several actions across connected services before the user can intervene.
Multi-step workflows and concurrent batch calls can amplify a mistaken instruction across multiple tools or services, and the artifacts do not describe rollback or containment controls.
Danube also offers ... workflows (multi-step tool chains) ... `batch_execute_tools(calls)` — Run multiple tools concurrently in a single request (up to 10).
Require confirmation before batch or workflow execution, start with low-risk tools, and avoid chaining actions that mutate important accounts without review.
