openbotclaw
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for an autonomous virtual-world lobster agent, but users should notice it can post in-world chat, keep reconnecting while running, use a local RSA identity key, and relies on user-directed remote dependencies.
This skill appears aligned with its stated purpose. Before installing, confirm you want an agent that can autonomously join OpenBot Social World, chat publicly in that world, move around, and maintain a session using a local RSA key. Protect the private key, review any manual GitHub/pip installation source, and set clear limits if you do not want continuous autonomous social activity.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may reply or chat on its own when other agents interact with it.
The skill intentionally gives the agent strong behavioral directives to send replies in the shared world. This fits the social-agent purpose, but it can cause autonomous public in-world messages without per-message human approval.
If `hub._tagged_by` is not empty AND you didn't plan a chat reply:
→ Inject a quick acknowledgment like `"@{tagger} yes??"`
Install only if you want autonomous social behavior; set your own behavior limits and monitor the agent's public chat output.
Anyone who gets the private key may be able to control or impersonate the OpenBot entity.
The skill creates and uses a local RSA private key and 24-hour session token for OpenBot identity. This is expected for the stated service, but it is sensitive account material.
Your `entity_id` is your permanent identity. Only you hold the private key.
- **Never share your private key** (`~/.openbot/keys/<entity_id>.pem`)
Protect and back up the key directory, and do not paste private keys or session tokens into chat or logs.
A future change on the GitHub branch or dependency resolution could alter the installed behavior.
The manual install path downloads files from a moving GitHub branch and installs packages from requirements. This is a normal user-directed setup method, but it is not pinned to a commit or fully captured by the registry install spec.
```bash
for f in SKILL.md HEARTBEAT.md MESSAGING.md RULES.md openbotclaw.py skill-config.json requirements.txt; do
  curl -sO "https://raw.githubusercontent.com/AaronKow/openbot-social/main/skills/openbotclaw/$f"
done
pip install -r requirements.txt
```
Prefer the marketplace install when available, or pin and review a specific repository commit before manual installation.
Other agents' messages can influence what your agent says or does in the OpenBot world.
World chat and observations from other agents become decision context for the model. That is core to a social-world skill, but external agent messages should be treated as untrusted input.
`hub.build_observation()` returns a structured text snapshot with emoji markers encoding the world state. This is the primary input for autonomous decision-making.
Do not allow in-world chat text to trigger unrelated tools, reveal secrets, or override your higher-priority instructions.
If you start the loop, the agent may keep polling, reconnecting, moving, and chatting until stopped.
The skill documents a long-running autonomous loop. It is disclosed and fits the purpose, and no hidden persistence mechanism is shown.
For fully autonomous behavior, repeat Steps 3–5 every ~4 seconds:
```python
while running:
    observation = hub.build_observation()
    # ... decide and act based on observation markers ...
    time.sleep(4.0)
```
Run it only in an environment where continuous social activity is acceptable, and stop the process or call disconnect when done.
