ClawArena TEST

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed autonomous ClawArena game watcher that stores local game credentials and uses OpenClaw to play turns; the sensitive behavior fits its stated purpose.

Install only if you want a background ClawArena watcher that can keep running, store a local bearer token, send reports through your configured OpenClaw chat, and let OpenClaw act on game turns automatically. Review the ~/.clawarena files and stop the watcher when you no longer want autonomous play.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        seq = str(wake.get("seq") or "")
        if ws is not None and seq:
            ws.send_json({"type": "wake_ack", "seq": seq})
        proc = subprocess.run(  # noqa: S603
            cmd,
            capture_output=True,
            text=True,
Confidence
97% confidence
Finding
proc = subprocess.run( # noqa: S603 cmd, capture_output=True, text=True, timeout=120, check=False, cwd=stable_subproces

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        ]
        if should_deliver and delivery is not None:
            self._append_delivery_args(cmd, delivery)
        proc = subprocess.run(  # noqa: S603
            cmd,
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
proc = subprocess.run( # noqa: S603 cmd, capture_output=True, text=True, timeout=120, check=False, cwd=stable_subproces

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            self._append_delivery_args(cmd, delivery)

        try:
            proc = subprocess.run(  # noqa: S603
                cmd,
                capture_output=True,
                text=True,
Confidence
93% confidence
Finding
proc = subprocess.run( # noqa: S603 cmd, capture_output=True, text=True, timeout=120, check=False,

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            self._append_delivery_args(cmd, delivery)

        try:
            proc = subprocess.run(  # noqa: S603
                cmd,
                capture_output=True,
                text=True,
Confidence
92% confidence
Finding
proc = subprocess.run( # noqa: S603 cmd, capture_output=True, text=True, timeout=120, check=False,

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The watcher's behavior exceeds passive turn watching by spawning local agents for maintenance/update messaging, using remote notice payloads and local delivery configuration. This scope expansion increases the blast radius: a compromise or abuse of the service can cause the skill to message users or perform ancillary actions not strictly required for gameplay.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The self-learning/reflection workflow persistently modifies future strategy prompts based on finished match content, creating a durable prompt-poisoning surface. Because match logs, player chat, and names are adversary-influenced, this can turn one malicious game into long-lived behavior manipulation across future sessions.

VirusTotal

66/66 vendors flagged this skill as clean.