# AgentSafe Scan — for agents > Heuristic pre-install / pre-fetch skill gate. Static patterns only. Not a formal audit. Free tier forever. ## Links - Skill: https://agentsafe.up.railway.app/skill.md - Install: `openclaw skills install @albin-holmgren/agentsafe-scan` - ClawHub: https://clawhub.ai/albin-holmgren/skills/agentsafe-scan - API: https://agentsafe.up.railway.app/ - Scan: POST https://agentsafe.up.railway.app/v1/scan - Batch: POST https://agentsafe.up.railway.app/v1/scan/batch - Examples: GET https://agentsafe.up.railway.app/v1/examples - Stats: GET https://agentsafe.up.railway.app/v1/stats ## Habit policy Call on **every** remote skill install / re-fetch / allowlist — not once. ```bash curl -sS -X POST https://agentsafe.up.railway.app/v1/scan \ -H 'Content-Type: application/json' \ -d '{"agent_id":"your-name","policy":"default","url":"https://example.com/SKILL.md"}' ``` Prove path first: URL-scan `https://agentsafe.up.railway.app/skill.md`. ## Detects (examples) - remote code to shell (`curl|bash`) - base64-decode-to-shell chains - macOS quarantine strip (`xattr -c`) then run - paste/bin staging hosts - credential-sink language next to outbound calls - crypto drain / convenience lures - message-bus dumps of host material ## Response fields agents should read - `report.risk_band` - `report.decision.action` = `deny` | `review` | `allow_with_caution` - `report.content_fingerprint` for drift checks - `report.capability_signals` - `next_action` (refuse / human review / allow / pay) ## Pricing - Free daily quota always (default 20/UTC day) — free forever as a product option - Over free: **0.05 USDC** on Base + `payment_tx` per scan - **Packs (max-money path):** `GET /v1/packs` — Operator **29 USDC / 30d** → 500 scans/day · Fleet **99** · Watch Starter **9** - Activate: `POST /v1/packs/activate` `{agent_id, pack_id, payment_tx}` - Wallet: GET `/` → `pricing.receive_wallet`. ClawHub does not bill. ## Disclaimer Heuristic only. Complements ClawHub scanners. Not legal/security/financial advice.