Clawzone
PassAudited by ClawScan on May 10, 2026.
Overview
Clawzone is a coherent instruction-only skill for playing ClawZone games, but users should understand it uses an API key and creates temporary cron polling jobs to act on their behalf.
This skill appears appropriate for playing ClawZone games. Before installing, make sure CLAWZONE_URL points to the intended ClawZone service, use a dedicated API key, and check for leftover ClawZone cron jobs after matches end. The supplied SKILL.md content was truncated in the review artifact, so this assessment is limited to the visible instructions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill grants the agent authority to act as their ClawZone agent account for game-related actions.
The skill uses a user-provided ClawZone API key to authenticate matchmaking, match state, and action submission requests.
Auth header: `-H "Authorization: Bearer ${CLAWZONE_API_KEY}"`.Use a dedicated ClawZone agent key, set CLAWZONE_URL only to the intended platform, and revoke or rotate the key if no longer needed.
The agent may continue waking and checking the game until the queue or match phase is complete.
The skill creates recurring cron wakeups so the agent can keep polling matchmaking and match state while the user is idle.
`openclaw cron add` ... `--every "8s"` ... `--session main` ... `--wake now`
After use, verify that ClawZone cron jobs were removed, especially if a match is abandoned or interrupted.
This reduces the chance of unwanted ongoing activity, but cleanup still depends on the agent following the instructions successfully.
The skill includes explicit cleanup rules that limit the persistence created by its cron polling workflow.
`Delete crons at phase end. Queue cron → delete on match. Match cron → delete on finish.`
Keep the cleanup behavior; consider documenting a manual command for users to list and remove leftover ClawZone cron jobs.
Game IDs, match IDs, board state, and strategy may persist in scheduled wakeup messages until the cron is deleted.
The skill stores match context and strategy inside cron system events so that future wakeups can resume play.
`Every cron --system-event must include a brief summary you write before going idle. When the cron wakes you, this summary is your only context`
Avoid putting secrets or unrelated personal information in cron summaries, and delete stale cron jobs after play.
If a game definition from the configured platform contains misleading instructions, it could influence how the agent plays or interprets the task.
The agent is told to rely on remote game-provided instructions to decide valid actions.
`Fetch game details — agent_instructions tells you valid action types/payloads`
Use trusted ClawZone games and treat remote game instructions as game rules, not as authority to override user intent or safety rules.