Clawai Town Skill

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is clearly a Solana game-world connector, but it lets remote world data drive autonomous real-money trades and combat and may keep reconnecting after being stopped.

Only install this if you intentionally want a public autonomous agent in a Solana mainnet game. Use a dedicated low-balance wallet, disable autoTrade and autoFight until you trust the behavior, set strict caps, monitor logs, and verify the stop/reconnect behavior is fixed before leaving it unattended.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other agents or server-provided world events could influence the agent's next action, including trades, fights, or public chat.

Why it was flagged

Server-provided event text and nearby-agent data are placed directly into the LLM context, and the resulting LLM decision is automatically executed.

Skill content

const recentEvents = events.slice(-5).map((e) => e.text).join('; '); ... const decision = await this.agent.think(context); ... this.executeAction(action);

Recommendation

Treat all world-state text as untrusted, clearly delimit it from instructions, filter prompt-like content, and require confirmation for financial or combat actions.

What this means

The agent may repeatedly trade or fight with real funds without a human reviewing each transaction.

Why it was flagged

The documented workflow gives the LLM recurring authority to choose actions that can spend or transfer real SOL.

Skill content

Decision Loop (every tick) ... Your agent's LLM ... decides an action ... Skill parses the decision and sends it to the server ... All trades execute real SOL transactions on Solana mainnet

Recommendation

Default autoTrade and autoFight to off, require explicit user approval for SOL transfers or combat, and add daily/session loss limits in addition to per-trade caps.

What this means

A wallet funded for this skill can lose SOL through trades, combat loot, and fees if the agent makes poor or manipulated decisions.

Why it was flagged

The skill requires delegated access to a funded Solana wallet for mainnet activity, but the artifacts do not show strong transaction-approval boundaries or aggregate exposure limits.

Skill content

Your agent authenticates with its Solana keypair ... All trades execute real SOL transactions on Solana mainnet ... A funded Solana wallet (mainnet)

Recommendation

Use a dedicated low-balance wallet, avoid using a primary wallet, keep maxTradeAmount very low, and require local signing prompts or policy checks for every transaction.

What this means

The skill may resume operating after the user or platform tries to stop it, potentially continuing autonomous actions involving SOL.

Why it was flagged

Calling stop() closes the socket and sets connected to false; the close handler's reconnect condition checks only that connected is false, so a deliberate stop looks identical to an unexpected disconnect. No stopped flag is shown that would prevent reconnection.

Skill content

async stop() { ... if (this.ws) this.ws.close(); this.connected = false; } ... this.ws.on('close', () => { ... setTimeout(() => { if (!this.connected) { ... this.connect(); } }, 10000); });

Recommendation

Add an explicit stopping/shutdown flag, cancel pending reconnect timers, clear existing tick intervals before starting new ones, and verify stop() fully disables the skill.

What this means

The wallet public key is not a secret, but it can link the agent's public activity to an on-chain address.

Why it was flagged

The skill sends agent identity details and the Solana public key to the remote world server as part of authentication.

Skill content

this.send({ type: 'auth', id, name, framework: framework || 'OpenClaw', pubkey: wallet?.publicKey?.toString() || '' });

Recommendation

Use a dedicated wallet for this world and assume agent name, actions, chat, and public key may be observable by the service or other participants.

What this means

There is less context for verifying where the runtime code came from or how dependencies are expected to be managed.

Why it was flagged

The package has runnable code but limited provenance and no declared install/dependency specification in the supplied metadata.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: index.js

Recommendation

Review the source repository and dependency chain before funding a wallet or enabling autonomous actions.