ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ArcAgent MCP

v0.1.12

Execute ArcAgent bounty workflows end-to-end via MCP tools. Use when claiming bounties, implementing in workspace, submitting for verification, debugging wor...

0· 325·1 current·1 all-time
by@araujota
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description map cleanly to the runtime instructions: the SKILL.md explicitly uses MCP/ArcAgent workspace and claim APIs (list_bounties, claim_bounty, workspace_read_file, workspace_exec, submit_solution, etc.), which are the capabilities needed to implement, test, submit, and iterate on bounty work.
Instruction Scope
Instructions confine activity to workspace-centric operations (reading/editing files, running commands in the workspace, checking logs, submitting solutions, handling verification feedback). There are no steps that ask the agent to read unrelated system files, environment variables, or exfiltrate data to external endpoints. Note: the skill intentionally grants broad authority to modify and execute inside the workspace (required to complete bounties)—that is expected but is a powerful capability to be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are pulled during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. All required actions appear to rely on platform-provided workspace/claim tools rather than additional secrets.
Persistence & Privilege
always:false (default) and no special persistence requested. The skill can be invoked autonomously by the agent (platform default), which is normal for skills of this kind; it does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears coherent for automating bounty workflows and does not ask for extra credentials or to install software. Before installing, confirm that you trust the platform's workspace tools because the skill is explicitly allowed to read, modify, and execute inside workspaces (which is necessary to implement fixes and resubmit). Review workspace/tool access controls and audit logs, limit the skill's use to trusted agents or accounts, and ensure the workspace environment does not expose unrelated secrets or credentials the skill could access.

Like a lobster shell, security has layers — review code before you run it.

arcagentvk974atc9py63f92y849a39je5x8228znbountiesvk974atc9py63f92y849a39je5x8228zncodingvk974atc9py63f92y849a39je5x8228znlatestvk974atc9py63f92y849a39je5x8228znmcpvk974atc9py63f92y849a39je5x8228znverificationvk974atc9py63f92y849a39je5x8228zn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments