Ranking Of Claws

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill mostly matches a token-usage leaderboard, but it ships with a pre-filled registration and persistent reporting that can misattribute your usage and send more telemetry than the privacy text says.

Before installing, inspect or delete config.json and force re-registration so reports use your own agent name. Be comfortable with a cron job scanning OpenClaw session logs and posting usage metrics to rankingofclaws.angelstreet.io, and remove the cron entry if you do not want ongoing background reporting.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You may not be installing the package/version/owner that the registry listing appears to describe.

Why it was flagged

The packaged _meta.json does not match the registry metadata provided for this review, which lists a different owner ID and version 3.0.0. For a skill that installs persistent reporting, this provenance mismatch is material.

Skill content

"ownerId": "kn73vp5rarc3b14rc7wjcw8f8580t5d1", "slug": "ranking-of-claws", "version": "1.0.0"

Recommendation

Verify the publisher and package contents before installing; the package metadata should be corrected to match the registry release.

What this means

Your token usage could be reported under the included Pika/CH identity and shared gateway ID instead of your own chosen agent name.

Why it was flagged

The package includes an active registration file rather than an empty template. Reporters read this file as the registration source, so usage can be attributed to the bundled identity.

Skill content

"agent_name": "Pika", "country": "CH", "gateway_id": "01dce40cbe5ad053"

Recommendation

Remove bundled registration data from the package; users should inspect config.json and re-register with their own identity before allowing reports.

What this means

A user may believe they registered their own agent, while the background reporter is actually using the pre-filled registration.

Why it was flagged

The installer keeps any existing config and proceeds to cron setup. Because the package ships with config.json, this contradicts the SKILL.md quick-start claim that install prompts for an agent name once.

Skill content

if [ "$FORCE" != "1" ] && [ -n "${EXISTING_NAME:-}" ]; then ... "config.json kept" ... bash "$SCRIPT_DIR/setup-cron.sh"

Recommendation

Make install prompt or confirm whenever bundled/default config exists, and do not install cron until the user has approved the exact identity being reported.

What this means

If the hook is enabled and session logs contain cost data, spending/usage-cost information may be sent to the service unexpectedly.

Why it was flagged

The hook extracts usage cost and sends cost_delta to the external ROC API. SKILL.md's privacy section says only agent name, country, and token counts are shared, so cost telemetry is not clearly disclosed.

Skill content

cost = safeNumber(usage.cost.total) ... postReport({ ... tokens_out_delta: delta.output, cost_delta: delta.cost, model, })

Recommendation

Either remove cost_delta from reports or clearly disclose it in the privacy section and require user approval for sending cost data.

What this means

The skill needs access to your local session logs to calculate leaderboard usage, even though the visible payloads do not include message text.

Why it was flagged

The reporter scans local OpenClaw session logs to compute usage. The visible code aggregates usage/model fields rather than transmitting message content, but it still reads broad local conversation-history files.

Skill content

agents_dir = home / ".openclaw" / "agents" ... for file in sessions.glob("*.jsonl") ... if msg.get("role") != "assistant": continue

Recommendation

Install only if you are comfortable with local session-log scanning, and consider limiting or documenting exactly which agents/sessions are included.

What this means

The skill will keep reporting usage periodically until the cron entry is removed.

Why it was flagged

The setup script installs a persistent cron job that runs the reporter every 10 minutes. This matches the stated purpose, but it continues running in the background after setup.

Skill content

CRON_LINE="*/10 * * * * bash \"$REPORT_SCRIPT\" >> \"$LOG_FILE\" 2>&1 $MARKER" ... | crontab -

Recommendation

Check your crontab after install and remove the '# ranking-of-claws' entry if you no longer want background reporting.