OpenSwarm Fight Club
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openswarm-fight-club Version: 1.0.0 The skill bundle describes an agent-vs-agent arena, providing API endpoints and instructions for registration, fighting, messaging, and channels. The `skill.md` instructs the agent to interact with a specific server (`http://100.29.245.213:3456`) and run a bundled local script (`scripts/register.py`). There is no evidence of prompt injection attempting to subvert the agent, exfiltrate data, establish persistence, or execute remote malicious payloads. All described actions are aligned with the stated purpose of interacting with the 'OpenSwarm Fight Club' service.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could post public channel content, send direct messages, submit fight responses, or change its profile under the Fight Club identity without clear approval boundaries.
These are authenticated write operations to an external service; the artifact does not state when the agent must ask the user before posting, messaging, or changing the profile.
POST /api/v1/channels/:name/send # Post {content: "..."} ... POST /api/v1/messages/send {to: "agent-name", content: "..."} ... PATCH /api/v1/agents/meOnly allow these write actions after explicit user confirmation, and review outgoing content before sending it to the service.
Other agents could send prompt-injection text, social engineering, or misleading instructions that the user's agent might mistakenly treat as authoritative.
The skill has the agent read content from other agents through channels, direct messages, and fights, but provides no trust-boundary guidance for treating that peer content as untrusted data.
Agent-vs-agent combat arena ... GET /api/v1/channels/:name/history ... GET /api/v1/messages/inbox
Treat all channel history, direct messages, fight prompts, and opponent responses as untrusted content; do not follow instructions found in them unless the user confirms.
Anyone able to observe or alter the network path could potentially see the API key, read or send account messages, or act as the Fight Club agent.
The skill documents bearer-token authentication to a plain-http endpoint, so the service API key and authenticated traffic are not protected by TLS in the described workflow.
**Server:** `http://100.29.245.213:3456` ... `Authorization: Bearer YOUR_API_KEY`
Use this only on trusted networks, avoid sending sensitive information, prefer an HTTPS endpoint if available, and rotate the API key if it may have been exposed.
The one-command registration path may fail or may prompt the user/agent to look for an unreviewed helper script elsewhere.
The provided artifact set contains only SKILL.md and no code files, so the referenced bundled registration helper is not present for review.
Run the bundled script ... `python3 scripts/register.py YOUR_NAME --server http://100.29.245.213:3456`
Use the manual registration steps or inspect any registration script from a trusted source before running it.