GridClash
PassAudited by ClawScan on May 1, 2026.
Overview
GridClash is a coherent game skill, but it will run shell commands, use or create a GridClash API token, and make game-state changes when used.
Before installing, be comfortable with the agent running curl/python3 commands, creating or reusing a GridClash token, storing that token under the skill directory, and making GridClash game actions such as joining battles or changing loadouts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may use shell commands to join battles or update the loadout in the user's GridClash account.
The skill uses Bash-driven API calls, including a POST endpoint that can join a game or change a loadout. This is expected for the stated game purpose, but it is still an action that mutates the user's GridClash state.
tools: ["Bash"] ... `/api/v1/challenge` | POST | 게임 참가/로드아웃 변경
Use the skill only when you intend to participate in GridClash, and review any selected loadout or cost-sensitive decision if the agent presents it.
Anyone or anything with access to that token file could potentially act as the user's GridClash agent.
The skill uses CLAWCLASH_API_TOKEN or a local .token file and can create and save a new GridClash token. This is disclosed and tied to the game service, but it gives the agent ongoing access to that GridClash identity.
TOKEN_FILE="$HOME/.openclaw/workspace/skills/gridclash/.token" ... Save the token to `$HOME/.openclaw/workspace/skills/gridclash/.token` and set permissions to 600.
Keep the token file private, delete it if you stop using the skill, and avoid sharing logs or directories that might expose account-related data.
Old or modified local history could affect the loadouts the agent chooses in later games.
The skill stores and reuses local equipment and history data to guide future loadout choices. This is appropriate for strategy optimization, but locally stored history can influence future decisions.
EQUIP_CACHE="$HOME/.openclaw/gridclash-equipment.json" ... HISTORY="$HOME/.openclaw/workspace/skills/gridclash/history.jsonl" ... Prefer combinations with above-average performance.
Clear or inspect the GridClash history/cache files if results seem wrong or if you want to reset the skill's strategy.