Skillv1.0.5

ClawScan security

clawCommunity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 7, 2026, 3:14 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches a local game-bridge agent but has several inconsistencies (undeclared external API key, hardcoded paths/claims, and filesystem persistence) that deserve review before use.
Guidance: This skill appears to implement a local game bridge and AI agent, but review these points before running: - Missing declared API key: the code calls an external LLM at api.minimax.chat and expects MINIMAX_API_KEY in the environment though the skill metadata does not declare it. If you provide that key it will be sent to a third-party service. - Local services and ports: the bridge runs a WebSocket server on localhost:18765 and an HTTP API on 18766. Only run it if you are comfortable exposing these ports locally. - Files written to disk: the agent will create and modify files under a workspace (defaults to ~/.openclaw or HOME) including daily logs and a curated memory file. Expect persistent data storage and automatic cleanup/consolidation behavior. - Hardcoded examples: SKILL.md shows Windows-specific paths and claims the AI will "automatically" open Chrome; the provided scripts do not reliably perform that action. Adjust commands to your OS and verify behavior. - Network connections: besides local ports, the AI loop makes outbound HTTPS calls to an external LLM endpoint. If you need to audit or restrict network access, run the skill in a sandbox or isolated environment first. Recommendations: inspect the scripts yourself (they are bundled); if you decide to run them, do so in a controlled environment (VM/container) the first time. If you will provide an API key, understand it will be sent to api.minimax.chat. If anything above is unexpected, do not run the scripts until the author clarifies declared env vars and documented behavior.

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose (launch a local bridge and join a web game) matches included code (OpenClawGameBridge, start script, AI loops). However the package claims no required env vars/binaries while code expects Node.js and calls an external LLM API (api.minimax.chat) using MINIMAX_API_KEY (not declared). SKILL.md also claims the AI will "automatically" open Chrome, but the provided scripts do not themselves launch a browser — the README shows a PowerShell command instead. The package contains many node scripts and bundled ws library which is proportionate to a local bridge but the missing declaration for the external LLM key and the hardcoded example Windows paths are inconsistent with the metadata.
Instruction Scope: concernRuntime instructions ask the user to run node start_game_bridge.js and to open Chrome to https://www.mxdl.online/index2.html; that is expected. Problems: SKILL.md uses a hardcoded Windows path (C:\Users\Admin\...\scripts) in examples which may not apply to other systems, and the doc claims the AI will 'automatically' open Chrome though the bridge/server code does not do that. The code also reads/writes local files (memory, curated memory, logs) under a workspace directory (defaults to the user's home), and the agent will serve HTTP on localhost:18766 and WebSocket on 18765 — these are legitimate for the bridge but are persistent and reach beyond ephemeral instructions. No instructions request unrelated system secrets, but the AI loop will attempt to call an external LLM endpoint (network outbound).
Install Mechanism: okThere is no automated install step (instruction-only), and the contained code bundles the ws dependency (node_modules/ws) rather than downloading arbitrary URLs. That is lower risk than remote downloads. The user still needs to have Node.js installed and will run the included scripts locally.
Credentials: concernRegistry metadata declares no required env vars, but code attempts to use MINIMAX_API_KEY for calls to api.minimax.chat. Other environment variables (OPENCLAW_WORKSPACE, AI_PERSONALITY) are read to control the workspace path and behavior but are not documented in requires.env. The skill persists character memory and logs under the user's workspace (home directory by default), which is reasonable for this purpose but is material to privacy and storage. Requesting an API key for an external LLM without declaring it is a mismatch and should be considered unexpected.
Persistence & Privilege: okThe skill does not request always:true or system-wide privileges. It will start a local WebSocket server and HTTP API when run and will write persistent memory/log files under ~/.openclaw or the OPENCLAW_WORKSPACE path. That behavior is consistent with a local agent/bridge and is not in itself an elevated privilege, but it does create persistent files and a long-running local service if the user starts the scripts.