Deal Works Mcp
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is mostly coherent for deal.works, but it gives an agent high-impact authority over money, deals, marketplace publishing, and autonomous agents, with some credential/provenance ambiguity users should review carefully.
Install only if you trust deal.works and the npm publisher. Use scoped API keys, keep unrelated credentials such as PERPLEXITY_API_KEY out of the environment, and require explicit confirmation before any transfer, cashout, escrow, deal action, public marketplace publish, vote, or autonomous-agent deployment.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with this skill could move funds, lock funds in escrow, cash out, or change the state of business deals if it receives or infers the right instruction.
These are high-impact financial and deal-lifecycle mutations exposed as agent tools. The artifacts disclose them, but do not show built-in confirmations, amount ceilings, or rollback controls for these actions.
`fund_transfer` - Transfer funds between wallets; `fund_cashout` - Cash out to external wallet; `deal_action` - Perform deal actions (sign, approve, reject, etc.)
Use only with a tightly scoped API key, require explicit user confirmation for every financial or legal mutation, and review all tool calls before approval.
A deployed agent could continue operating after the immediate chat task and consume funds or act on delegated permissions.
The skill can create and fund autonomous agents through an external service. The artifacts do not clearly bound agent lifetime, permissions, delegation scope, or maximum budget.
description: "Deploy a new agent from a skill definition. Optionally fund and configure SLA." ... fundingAmount ... return client.fetch("cadre", "/agents", { method: "POST", body: input,Deploy agents only after explicit approval, set small budgets and clear stop conditions, and verify that deal.works provides revocation, audit logs, and spending limits.
If you have a Perplexity API key in the environment, the package may use it in ways that are not obvious from the main skill requirements.
The static scan reports this environment credential access combined with a network send. The registry requirements list DEAL_WORKS_API_KEY as the required credential, so PERPLEXITY_API_KEY use is not clearly declared or bounded in the supplied metadata.
const apiKey = config?.apiKey ?? process.env.PERPLEXITY_API_KEY;
Do not run the skill in an environment containing unrelated API keys unless you intend the skill to use them; the publisher should declare optional credentials and describe when they are sent.
Anyone or any agent using this key through the skill may be able to perform powerful account actions depending on server-side scopes.
The primary deal.works credential is expected for this integration, but it is sent as a bearer token for calls across the platform's engines, including engines that can mutate funds, deals, marketplace listings, and agents.
this.apiKey = config.apiKey ?? process.env.DEAL_WORKS_API_KEY; ... headers["Authorization"] = `Bearer ${this.apiKey}`;Use the least-privileged deal.works API key available, rotate it if exposed, and avoid sharing it with unrelated MCP servers or agents.
Copying the wrong command could install or run an unintended package.
The README uses two different npm package scopes in install/config examples. That may be a documentation typo, but it could lead users to invoke a different package than the one in the install spec.
npx @swgoettelman/deal-works-mcp ... "args": ["@goettelman/deal-works-mcp"]
Verify the npm package name and publisher before installation; the maintainer should make the package scope consistent across all docs and config examples.