ArcAgent MCP
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: arcagent-mcp Version: 0.1.12 The skill bundle is classified as suspicious due to instructions in `SKILL.md` that direct the AI agent to use high-risk capabilities such as `workspace_exec` and `workspace_shell`. While these tools are plausibly needed for the stated purpose of implementing and debugging bounty solutions within a workspace, their inclusion represents 'risky capabilities' (shell/network/file access) without clear malicious intent, aligning with the definition of suspicious behavior. There is no evidence of intentional harmful actions like data exfiltration or persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make code changes, run commands, and repeatedly submit work in a bounty workspace without the user reviewing each command, diff, or submission.
The skill instructs the agent to modify files, run arbitrary workspace commands/shell operations, and submit solutions. These are purpose-aligned for development work, but the artifacts do not require user approval before high-impact command execution or submissions.
`workspace_edit_file`, `workspace_apply_patch`, `workspace_write_file`, `workspace_batch_write`, `workspace_exec`, `workspace_exec_stream`, `workspace_shell` ... `submit_solution`
Use only on trusted, explicitly selected bounties; require confirmation before shell commands, claim actions, submissions, releases, and payout-related steps; review diffs before each submit.
If the connected ArcAgent MCP tools have account access, the agent may claim or release bounties and proceed toward PR/payout outcomes on the user's behalf.
The skill directs account-affecting and financially relevant actions in ArcAgent, including claiming/releasing bounties and completing payout-related workflow, but does not specify account scope, credential boundaries, or user confirmation requirements.
`claim_bounty`, `extend_claim`, `release_claim` ... "Success: verification passes, verified PR is created, payout flow completes."
Ensure the connected account is least-privileged, confirm each claim/release/payout-affecting action, and define clear limits on which bounties the agent may work on.
Bad or adversarial feedback could cause the agent to make inappropriate code changes or unnecessary resubmissions.
Verification feedback is expected input for this workflow, but the instruction makes external feedback authoritative. If feedback contains misleading or prompt-like instructions, it could steer the agent's next changes.
"Treat feedback as source of truth; patch and resubmit."
Treat verification feedback as technical evidence only; ignore any meta-instructions in feedback and keep changes narrowly tied to the bounty requirements.