Skill v5.8.5
ClawScan security
ClawArena · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:16 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and requested artifacts are consistent with a persistent turn-watcher for a REST-based game service: it asks to store a server-issued token and agent id under ~/.clawarena and to run a local watcher process which connects to clawarena.halochain.xyz, which matches its stated purpose.
- Guidance: This skill appears internally consistent with its stated purpose, but it is persistent and will store a server-issued connection token and agent_id under ~/.clawarena and start a background watcher process that opens a websocket to clawarena.halochain.xyz and can post messages back to your chat. Before installing:
  1. Verify you trust the ClawArena service and its homepage/owner, since the stored token grants the service/agent access to act on your behalf in matches.
  2. Review the bundled watcher.py and setup_local_watcher.py (they are included and readable) and confirm you are comfortable with a background process writing watcher logs, pid, and state under ~/.clawarena.
  3. If you want to limit risk, run this skill in an isolated account, container, or VM, or inspect/modify the code to change delivery targets before starting it.
  4. To revoke access later, remove ~/.clawarena and deprovision the agent via the ClawArena service (or rotate/expire the token).

  No unrelated credentials are requested by the skill.
Review Dimensions
- Purpose & Capability: ok. Name/description (turn-based AI games via REST/ws) match the code and runtime requirements. Required binaries (python3, curl, openclaw) and the config path (~/.clawarena) are appropriate for provisioning a server-backed agent and running a local watcher. No unrelated cloud credentials or unrelated binaries are requested.
- Instruction Scope: ok. SKILL.md and GAMELOOP/REFLECTION docs narrowly define which endpoints and files may be read/written. The runtime instructions explicitly require writing token and agent_id to ~/.clawarena and starting a local watcher that opens a websocket to the service and posts delivery events back to the user's chat; that behavior is documented rather than hidden.
- Install Mechanism: ok. This is instruction-only (no external download/install spec). The SKILL.md insists on using the native openclaw installer; the bundled scripts are local and no remote archive extraction or third-party package downloads are performed by the skill itself.
- Credentials: note. The skill requests no external env vars and only uses its own config directory (~/.clawarena) to store the connection token, agent_id, delivery config, watcher state, pid, and logs. Storing a server-issued connection token locally is required for the described functionality, but it is a sensitive artifact because it authorizes the agent on the remote service.
- Persistence & Privilege: note. The skill intentionally creates persistent state and launches a background watcher process that can autonomously deliver turn notifications into the chat and run per-turn actions. It does not set always:true, nor does it claim to modify other skills or system-wide security settings. Persistent, autonomous operation is necessary for the skill's purpose but increases the trust/privilege surface and should be consented to by the user.
