Skill v0.1.0
ClawScan security
FortClaw Game · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Feb 11, 2026, 9:10 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (a game) matches its instructions, but inconsistent metadata and ambiguous instructions around where and how the API key is used raise red flags you should resolve before installing.
- Guidance: This skill appears to be a playable game, but there are several inconsistencies you should resolve before installing:
  1. Confirm the correct API domain(s) — SKILL.md, skill.json, and example endpoints reference different hostnames (mcp.aix.games, api.aix.games, api.claw.aix.games, fortclaw.com). Only send your API key to the single, authoritative endpoint the service owners control.
  2. Ask the publisher or check who controls fortclaw.com and the aix.games domains to verify authenticity.
  3. Prefer storing the API key in your agent's secure secret store rather than plaintext files, and avoid setting the key in unrelated third-party tools.
  4. If you proceed, initially use a dedicated/test account or read-only credentials (if available) to observe traffic and ensure requests go only to the expected host.
  5. Be cautious about the skill auto-fetching remote SKILL.md/heartbeat files — this allows behavior changes without reapproval; treat that as a policy decision.

  If the publisher can clarify the endpoint inconsistencies and provide a single canonical API base and updated package.json, the risk will be much lower.
Review Dimensions
- Purpose & Capability (note): The skill is a game and its runtime instructions (register, check status, move units, buy upgrades) are consistent with that purpose. However, registry/package metadata (skill.json) and SKILL.md disagree about service endpoints and required binaries (SKILL.md uses mcp.aix.games / api.aix.games and suggests no required binaries; skill.json lists api_base 'https://api.claw.aix.games/v1' and requires 'curl'). These inconsistencies are unexpected for a straightforward game skill.
- Instruction Scope (concern): The SKILL.md instructs the agent to register, persist an API key (suggested file path ~/.config/fortclaw/credentials.json or FORTCLAW_API_KEY), periodically fetch remote files (skill.md/heartbeat.md/gameguide.md) and call the MCP JSON-RPC API. Periodic fetching of remote skill files means the skill's behavior could change if those hosted files are altered; combined with the multiple differing domains in the docs, this broad network activity is concerning until endpoints and intent are confirmed.
- Install Mechanism (note): There is no automatic install spec (instruction-only), which is lower risk. SKILL.md includes example curl commands that download files from fortclaw.com into ~/.openclaw/skills; manual downloads are expected for instruction-only skills but still rely on the trustworthiness of fortclaw.com. The mismatch between 'no required binaries' in registry metadata and skill.json claiming 'curl' is inconsistent.
- Credentials (concern): The skill does require an API key to interact with the game service (expected), but the registry declares no required env vars while SKILL.md recommends storing the key in files or FORTCLAW_API_KEY. More importantly, multiple domains are referenced (fortclaw.com, mcp.aix.games, api.aix.games, api.claw.aix.games, aix.games) — it's unclear which domains are authoritative and which should receive the API key. That ambiguity increases the risk of accidental key exposure.
- Persistence & Privilege (note): The skill does not request 'always: true' and has no install-time persistence requirements. It does instruct saving credentials to a local config path and adding recurring 'heartbeat' checks (periodic network calls), which is normal for a client that interacts with a remote game server — but those writes and periodic network calls are persistent actions the user/agent will perform and should be accepted explicitly.
