Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deal Works Mcp

v0.1.1

AI agent infrastructure for deals, escrow, attestations, and autonomous agents. 39 tools across 9 engines.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (deal.works, deals/escrow/agents) align with the requested binary (node), the npm package @swgoettelman/deal-works-mcp, and the single required env var (DEAL_WORKS_API_KEY). The declared tools and base URLs in code point to *.works domains which fits the described functionality.
Instruction Scope
SKILL.md is largely a normal MCP skill README/instruction file, but the pre-scan detected a 'system-prompt-override' pattern (prompt-injection). Even though the visible SKILL.md content here doesn't obviously contain an active override, the scanner signal indicates the file may include phrasing that attempts to change agent/system prompts or agent behavior. That is scope-creep for a tool connector and should be manually inspected.
Install Mechanism
Install uses an npm package (registry install) and exposes a CLI binary 'deal-works-mcp' — a standard mechanism. No remote arbitrary archive downloads or extract-from-unknown-URL installs were found.
Credentials
Only one required environment variable (DEAL_WORKS_API_KEY) is declared and used by the client code for Authorization headers. This matches the stated need to authenticate to deal.works APIs and is proportionate to the skill's purpose.
Persistence & Privilege
No elevated privileges requested. always is false; the skill is user-invocable and may be invoked autonomously (platform default). The package does not request system-wide config changes or other skills' credentials.
Scan Findings in Context
[system-prompt-override] unexpected: Prompt-injection patterns that try to override an agent's system prompt are unrelated to an MCP connector's purpose and may give the skill undue influence over agent behavior. The SKILL.md was flagged; manual inspection of the SKILL.md/README for any instructions that attempt to change system prompts, ignore prior instructions, or escalate privileges is recommended.
What to consider before installing
This package appears to implement the deal.works MCP connector and only needs your DEAL_WORKS_API_KEY and node, which is reasonable. However:
1) The SKILL.md was flagged for a possible 'system-prompt-override' pattern — open and read SKILL.md/README yourself and search for any lines that tell the agent to ignore prior instructions or to change system prompts; remove or reject the skill if present.
2) Verify the npm package and publisher (check the package on the npm registry or GitHub) — there are slight name inconsistencies in the files (swgoettelman vs goettelman) that could indicate a packaging mistake or impersonation.
3) Prefer installing and testing in a sandboxed environment first (use an API key with limited scope/permissions), and be ready to rotate the API key if you detect unexpected behavior.
4) If you plan to let agents invoke this autonomously, be extra cautious: autonomous skills with prompt-injection vectors can change agent behavior.
If you want, provide the SKILL.md/GitHub link and I can re-check for exact prompt-injection phrases and suspicious instructions.

Like a lobster shell, security has layers — review code before you run it.

latest vk979qxmgk3ek7dgvrag88jmjqs81ww4a

Runtime requirements

🤝 Clawdis
Bins: node
Env: DEAL_WORKS_API_KEY
Primary env: DEAL_WORKS_API_KEY

Install

Node
Bins: deal-works-mcp
npm i -g @swgoettelman/deal-works-mcp
