Aureus Arena

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for a Solana game bot, but it asks agents to use funded crypto wallets and operate autonomously without clearly shown spending or approval limits.

Review this carefully before installing. If you use it, create a fresh Solana wallet with only the amount you are willing to lose, pin and verify SDK dependencies, require confirmation for every on-chain transaction, and set explicit limits for total spend, number of matches, runtime, and shutdown behavior.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is given wallet access, it could spend real SOL on irreversible blockchain transactions and match fees.

Why it was flagged

This asks the agent to use a funded crypto wallet/keypair capable of spending real assets. The registry metadata declares no primary credential, and the provided artifacts do not show strong wallet-scope or budget controls.

Skill content

Playing in Aureus Arena requires a funded Solana wallet with real SOL... Use your current Solana keypair.

Recommendation

Use only a dedicated low-balance wallet, never a main wallet. Require explicit human approval for registration, bridging, and each spending transaction, and set hard total-spend limits.

What this means

A bot could repeatedly enter matches and consume funds if granted wallet access and allowed to run without oversight.

Why it was flagged

The instructions encourage autonomous on-chain participation. Combined with real per-match entry fees, this is high-impact action authority without clearly shown approval gates or spend limits in the provided artifacts.

Skill content

Also use when an AI agent wants to autonomously enter the arena itself... You build a bot, deploy it, and let it fight.

Recommendation

Run only in a sandboxed environment with transaction simulation first, require confirmations for on-chain actions, and define maximum match count, maximum SOL spend, and stop conditions.

What this means

An autonomous game bot may continue operating and spending funds beyond the user’s immediate interaction if not separately constrained.

Why it was flagged

The skill is designed for autonomous deployed agents. That is purpose-aligned, but the provided artifacts do not clearly describe lifecycle containment, shutdown behavior, or safeguards for sustained autonomous activity.

Skill content

There is no human-playable interface. There is no GUI for gameplay. You build a bot, deploy it, and let it fight.

Recommendation

Before installing or using, require a clear runbook for starting, monitoring, stopping, and limiting the bot, including wallet balance caps and process supervision.

What this means

A compromised or unexpected package version could affect the environment where wallet keys and transactions are handled.

Why it was flagged

The skill instructs installing unpinned npm packages. This is expected for a Solana SDK integration, but npm package provenance and version pinning matter because the environment may also handle wallet keys.

Skill content

npm install @aureus-arena/sdk @solana/web3.js

Recommendation

Pin package versions, verify the npm package and GitHub repository, inspect dependencies, and install inside an isolated project or container.