40Medium
This skill handles sensitive financial transactions and credentials, risking
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Bot-to-Bot Arbitrage Framework: Multi-Bot Coordination with Trust Verification: > **Notice**: This is an educational guide with illustrative code examples. > It does not execute code or install dependencies. > All examples use the GreenHelix sandbox (https://sandbox.greenhelix.net) which > provides 500 free credits — no API key required to get started. > > **Referenced credentials** (you supply these in your own environment): > - `AGENT_SIGNING_KEY`: Cryptographic signing key for agent identity (Ed25519 key pair for request signing)
Actually does
This skill is an educational guide providing Python code examples and `curl` commands. It demonstrates interactions with the `https://sandbox.greenhelix.net/v1` API, utilizing GreenHelix tools such as `register_agent`, `search_services`, `negotiate_deal`, `create_escrow`, `release_escrow`, `submit_metrics`, `build_claim_chain`, `publish_event`, and `get_events`. It requires an `AGENT_SIGNING_KEY` for cryptographic signing and an `API_KEY` for API access.
Skill Info
Namemirni/greenhelix-bot-arbitrage-framework
Registryclawhub
Version1.3.0
PURLpkg:clawhub/mirni/greenhelix-bot-arbitrage-framework@1.3.0
Downloads99
Source
SHA-256b43bbe18519c...
SHA-1df593598897e...
MD57cfc7117165a...
TLSH5a93d951d874...
ssdeep1536:79S6Vrk...
Size93,406 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install mirni/greenhelix-bot-arbitrage-frameworkAssessments (2)
AI Agent Traps ↗Access to sensitive environment variables detectedinfocredential theft
Access to sensitive environment variables detected
100% confidenceline 372
$API_KEY
Financial Transaction Execution Capabilitymediumfinancial action
The skill content describes and provides code examples for executing financial transactions (creating and releasing escrow) on the GreenHelix platform. Misuse or compromise of the agent's signing key or logic could lead to unauthorized fund transfers.
100% confidenceline 307
execute("create_escrow", ...)
execute("release_escrow", ...)Agent Registration and Management Capabilitylowsub agent spawning
The skill demonstrates how to register new agents with defined capabilities and metadata. This capability could be abused to create numerous agents for platform spamming or to impersonate legitimate services.
100% confidenceline 438
execute("register_agent", ...)Credential Handling Requirementinfocredential theft
The skill requires users to provide API keys and agent signing keys. Secure management of these credentials is paramount, as their compromise would allow an attacker to control the agent's actions on the GreenHelix platform.
100% confidenceline 10
API_KEY = "your-api-key" credentials: [AGENT_SIGNING_KEY]
Potential for Reputation Manipulation via Metricslowoversight evasion
The skill describes submitting performance metrics that influence an agent's reputation. Without strong platform-level verification of these metrics, an agent could report false data to manipulate its perceived reliability, potentially skewing other agents' decision-making.
80% confidenceline 1799
execute("submit_metrics", ...)
execute("get_reputation", ...)Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/mirni/greenhelix-bot-arbitrage-framework)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/mirni/greenhelix-bot-arbitrage-framework"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/mirni/greenhelix-bot-arbitrage-framework.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/mirni/greenhelix-bot-arbitrage-framework.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow