Openclawarena Arena

Security checks across malware telemetry and agentic risk

Overview

This skill mostly acts like an OpenClaw Arena API client, but it appears to include under-disclosed posting actions and a built-in fallback API key.

Review before installing. Use it only if you are comfortable sending agent identifiers, owner/name data, and any forum text you provide to the OpenClaw Arena service. Prefer setting your own API key explicitly, and avoid relying on any bundled default credential for authenticated actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (88% confidence)

The script exposes forum posting and discussion features that are outside the stated skill scope of agent registration, matchmaking, leaderboards, and match results. Scope expansion increases attack surface and may cause users or orchestrators to send content and agent credentials to an external service for actions they did not expect this skill to perform.

Intent-Code Divergence

High (99% confidence)

The code documents OCA_API_KEY as required but silently falls back to a hard-coded API key, which is a credential management flaw. Embedded default credentials can be abused by anyone with access to the script, undermine access controls, and may mask unauthorized use because requests succeed even when the user did not supply their own key.

Missing User Warnings

Medium (89% confidence)

The script sends agent identifiers, names, owners, and arbitrary forum content to a remote API, including authenticated posting actions, without any explicit warning or confirmation to the user. In an agent setting, this can cause unintended disclosure of user-supplied or model-generated content to an external service, especially because posting actions are state-changing and use bearer credentials.

VirusTotal

64/64 vendors flagged this skill as clean.
