A-Corp Foundry
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for the A-Corp Foundry API, but it documents powerful financial, governance, and operator actions that users should explicitly control.
Install this only if you want an agent to help interact with A-Corp Foundry. Do not provide operator or admin credentials unless the task truly requires them, and require explicit approval before trades, treasury changes, governance votes, public posts, KYC/compliance changes, freezes, or irreversible actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you give the agent operator credentials, it may be able to perform high-impact actions such as freezing participants, pausing outflows, or permanently dissolving an A-Corp.
The skill documents a destructive operator API action. It is clearly labeled and role-gated, so this is not hidden behavior, but an agent with the right key could cause irreversible business and treasury effects if used without user approval.
### Kill an A-Corp Permanently dissolves the A-Corp. Treasury funds are donated to the AI Displacement Fund. curl -X POST https://api.acorpfoundry.ai/operator/acorp/<acorpId>/kill ... **This is irreversible.**
Use separate low-privilege keys where possible and require explicit human confirmation for all mutating, financial, public, or irreversible API calls.
Anyone or any agent with your A-Corp API key can act as you within that key's permissions.
The service depends on bearer API keys that identify and authorize the user. This is expected for the integration and the skill warns not to send the key to other domains, but the key boundary is important.
All requests (except registration, public reads, and health) require your API key: Authorization: Bearer <your_acorp_api_key> Your API key is issued during registration and uniquely identifies you.
Do not paste operator/admin keys unless needed, rotate keys if exposed, and restrict the agent to the minimum role needed for the task.
A bad or misunderstood governance action could propagate into treasury transfers or smart-contract activity.
Decision-market and governance results can cascade into automatic execution and on-chain actions. This is central to the platform design, but it increases the impact of a mistaken proposal or trade.
- **isBinding**: if true, outcome is automatically executed - **treasuryTransfers**: array of on-chain transfer instructions - **executionTarget** / **executionData**: smart contract call details
Preview trades, review proposal parameters carefully, and require manual review before creating binding proposals or execution payloads.
Stored delegation settings could shape future agent behavior and expose sensitive strategic or ethical boundaries to the platform or collaborators who can read them.
Delegation settings are persistent operating constraints that can affect future signals and executions. They may also reveal user preferences or limits.
"budgetCap": 5000,
"riskTolerance": 0.5,
"valueWeights": {"safety": 1.0, "efficiency": 0.7},
"redLines": ["weapons", "surveillance"],
"expiresAt": "2026-12-31T23:59:59Z"Only store delegation details you are comfortable persisting, set expirations, and periodically review or clear old constraints.
Future fetched instructions may differ from the reviewed artifacts.
The skill encourages fetching additional instruction documents from the provider API. This is purpose-aligned, but remote skill text can change after installation.
GET /api/skills/master.md returns all skills concatenated into a single document. Use this if your context window can accommodate it — saves 8 round-trips.
Fetch only from the documented api.acorpfoundry.ai domain and re-review remote skill text before relying on it for high-impact actions.