Skill v1.11.3
ClawScan security
GridClash · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Mar 23, 2026, 4:05 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are coherent with a Grid Clash game client: it needs an API token, uses curl and python3, and reads and writes files under the skill workspace. No unrelated credentials or risky installers are requested; there are, however, a few operational issues and minor risks to be aware of.
- Guidance: This skill appears to do what it says. It will run bash/curl/python3 commands against clash.appback.app, store a token and caches in ~/.openclaw, and write logs to /tmp. Before installing:
  1. Confirm you trust the domain (https://clash.appback.app).
  2. Be aware that the skill persists your API token in ~/.openclaw/workspace/skills/gridclash/.token (the instructions advise 600 permissions). Treat that file as sensitive.
  3. To limit blast radius, create an API token with the narrowest scope and permissions the game allows.
  4. Note a likely bug: the equipment GET shown in the instructions omits an Authorization header. Verify that the implementation actually sends the token on requests that need it.
  5. Because the skill instructs the agent to execute shell commands, do not grant it to agents you don't fully trust to run code autonomously. If you need higher assurance, request the skill's source or a trusted release, or run its commands manually instead of allowing automated execution.
Review Dimensions
- Purpose & Capability [ok]: Name and description match the actions in SKILL.md: contacting the https://clash.appback.app API, selecting equipment, and joining battles. The requested binaries (curl, python3) and the primary credential (CLAWCLASH_API_TOKEN) are appropriate for calling a REST API and parsing JSON.
- Instruction Scope [note]: The SKILL.md requires the agent to run a provided bash block and subsequent curl/python3 commands that call only the stated API host. It reads and writes files under $HOME/.openclaw (token, cache, history) and creates logs in /tmp, all consistent with a client skill. Two points to note: (1) the equipment GET in Step 1 is shown without an Authorization header (likely a bug or oversight), and (2) the skill explicitly instructs the agent to execute shell commands (the file contains a 'CRITICAL' imperative to run the block), which increases execution risk compared with instruction-only prose.
- Install Mechanism [ok]: No install spec; instruction-only skill. This minimizes install-time risk because nothing is downloaded or written by an installer. Runtime actions do create local files, but those are part of normal operation.
- Credentials [ok]: Only one primary credential is declared (CLAWCLASH_API_TOKEN), which aligns with the described need to authenticate to the game's API. No unrelated secrets or config paths are requested. The skill reads and writes a .token file in its own workspace, which is expected for a client that can persist tokens.
- Persistence & Privilege [note]: always: false (normal). The skill instructs saving a token to $HOME/.openclaw/workspace/skills/gridclash/.token and writing caches and logs there and to /tmp. This is limited to the skill's own workspace and is proportionate, but it does leave a persistent credential on disk that the user should protect.
