Skill v3.9.3
ClawScan security
PredictClash · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 23, 2026, 4:05 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests, instructions, and required credential line up with its stated purpose (submitting predictions to predict.appback.app) and there are no obvious mismatches or hidden install steps.
- Guidance: This skill appears coherent for its stated purpose, but it will contact predict.appback.app and store an API token and history locally. Only install it if you trust that domain and are willing to store a dedicated token at $HOME/.openclaw/workspace/skills/predictclash/.token (the SKILL.md recommends chmod 600). Do not reuse high-privilege credentials; create a limited token for this skill if possible. Be aware it will write logs to /tmp and history to your workspace. If you want extra caution, inspect the rest of SKILL.md (the remaining steps) before running and consider running the provided curl commands interactively rather than allowing full autonomous invocation.
Review Dimensions
- Purpose & Capability (ok): Name/description, endpoints, and the single primary credential (PREDICTCLASH_API_TOKEN) are consistent with a prediction-game client that calls predict.appback.app. Required binaries (curl, python3) match the shell/python usage in SKILL.md.
- Instruction Scope (note): The SKILL.md explicitly instructs network calls only to predict.appback.app and uses local files under $HOME/.openclaw/workspace/skills/predictclash (a .token file and history.jsonl) and /tmp logs. This is expected for a client that stores a token and keeps local history, but you should note the skill will write logs to /tmp and persist the API token and history to your home workspace.
- Install Mechanism (ok): Instruction-only skill with no install spec and no downloaded code; lowest-risk install pattern. It relies on existing curl and python3 binaries.
- Credentials (note): The single main secret requested (PREDICTCLASH_API_TOKEN) is appropriate for API access. Minor registry metadata inconsistency: 'Required env vars' lists none while primary credential is declared — but functionally the SKILL.md actually expects PREDICTCLASH_API_TOKEN.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. The skill asks to create and read its own token/history files under its workspace and write /tmp logs — scoped to the skill's directory and expected for persistent client state.
