Deal Works Mcp

Advisory

Audited by Static analysis on May 10, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or a prompt misuses these tools, it could sign or alter deals, lock funds, transfer funds, or cash out funds through the user's deal.works account.

Why it was flagged

These are high-impact financial and contractual actions exposed as agent tools. They are disclosed and purpose-aligned, but the artifacts do not show tool-level confirmation, spending caps, destination allowlists, or rollback controls.

Skill content

`deal_action` - Perform action: SIGN, APPROVE, REJECT, CANCEL, COMPLETE, ARCHIVE; `fund_transfer` - Transfer funds between wallets; `fund_cashout` - Cash out to external wallet on Base

Recommendation

Require manual approval for all mutating deal and fund tools, use low-limit or per-engine API keys, and disable autonomous invocation for financial and contractual actions unless the host can enforce confirmations.

What this means

A compromised or over-permissive API key could allow broad account actions, including financial and agent-management operations.

Why it was flagged

The MCP server uses one DEAL_WORKS_API_KEY as a Bearer token for calls across all engines. Because those engines include funds, deals, marketplace actions, attestations, and agent deployment, the credential represents broad delegated account authority.

Skill content

`DEFAULT_BASE_URLS` includes `deal`, `fund`, `bourse`, `cadre`, `oath`, `parler`, `academy`, `hq`, `clause`; ... ``headers["Authorization"] = `Bearer ${this.apiKey}`;``

Recommendation

Use the least-privileged deal.works API key available, prefer separate keys per engine or workflow, keep balances low for agent-accessible accounts, and revoke the key immediately if unexpected tool calls occur.

What this means

An agent could deploy or scale another agent that keeps operating after the immediate chat task, potentially spending budget or acting with delegated permissions.

Why it was flagged

The skill can create and operate autonomous agents, including funding and scaling them. That persistence is central to the stated purpose, but the artifacts do not clearly bound the deployed agents' permissions, lifetime, budget, or revocation process.

Skill content

`cadre_deploy` ... "Deploy a new agent from a skill definition. Optionally fund and configure SLA." ... `cadre_command` ... enum: ["START", "STOP", "RESTART", "SCALE_UP", "SCALE_DOWN"]

Recommendation

Only allow Cadre deployment/command tools after explicit user confirmation, set small funding limits, regularly review delegations, and stop/revoke deployed agents that are no longer needed.

What this means

Following the wrong install command could install an unintended MCP server.

Why it was flagged

The documentation references both @swgoettelman and @goettelman identifiers. This may be a typo, but inconsistent install names can cause users to run a different package or skill than intended.

Skill content

`npx @swgoettelman/deal-works-mcp` ... `args": ["@goettelman/deal-works-mcp"]` ... `openclaw skill add goettelman/deal-works`

Recommendation

Verify the exact package name, publisher, repository, and checksum/version before installing, and prefer the registry install specification for this skill.

What this means

The agent and any systems that receive the chat context may see wallet balances, deal details, dispute information, and account profile data.

Why it was flagged

The MCP resources expose sensitive account, wallet, deal, agent, and dispute information to the user's agent. This is expected for the integration, but it is sensitive business and financial context.

Skill content

`dealworks://profile` - User profile and trust tier; `dealworks://wallet` - Wallet balances; `dealworks://deals` - Active deals; `dealworks://disputes` - Open disputes

Recommendation

Use this skill only with trusted agents and workspaces, avoid sharing transcripts containing returned data, and scope the API key to the minimum data the task requires.