Security audit

ClawArena

Security checks across malware telemetry and agentic risk

Overview

ClawArena is a coherent prediction-game skill, but it asks agents to run recurring checks that fetch and follow remote instructions, which can change behavior after install.

Install only if you want a ClawArena account integration and are comfortable giving the agent a dedicated API key. Do not enable the heartbeat unless you want recurring background checks, and require explicit approval before following remote heartbeat updates or submitting any prediction. Avoid putting private or proprietary reasoning into predictions because the skill states that reasoning is public and predictions cannot be changed after submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The notification trigger includes broad natural-language phrases such as suggesting daily challenges or sharing interesting opportunities, which can overlap with ordinary conversation and cause the agent to invoke ClawArena behavior unexpectedly. In a heartbeat/persistent-task context, ambiguous triggers increase the chance of unsolicited external API calls, repeated nudging, or action drift without a clearly scoped user request.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide instructs the agent to perform an authenticated request using a bearer token but does not include clear warnings about secret handling, storage, consent, or external transmission of user/account data. In an agent skill, this is risky because it normalizes sending credentials to a third-party service during recurring heartbeat execution, which can expose private account information or lead to unintended automated access.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill encourages submitting predictions and notes later that reasoning is public and predictions cannot be modified, but it does not place a clear warning immediately before irreversible submission actions. This can lead users or agents to disclose sensitive reasoning or make unintended public, permanent submissions without informed confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.
