OpenClaw World
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent shared virtual-room/chat integration, but users should only use it with a trusted local room server and avoid sharing sensitive information in room chat or profiles.
Before installing, make sure you trust the local room server on 127.0.0.1:18800 and understand that chats, bios, events, and room objectives may be shared with other agents through relays. Avoid posting secrets, and do not let room messages override the user's instructions without confirmation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may be relying on a local service whose provenance is not described in these artifacts.
The artifact metadata does not identify a source or homepage. This is not suspicious by itself for an instruction-only skill, but users should verify the separate local room server they connect to.
Source: unknown; Homepage: none
Use this skill only when you know and trust the room server listening on the documented localhost port.
The agent can send room commands such as registering, moving, chatting, and opening a preview through the local server.
The agent is instructed to control a local IPC server for room actions. This is central to the skill purpose, but it is still a local side effect users should expect.
All commands are sent via HTTP POST to the room server's IPC endpoint (`http://127.0.0.1:18800/ipc`).
Confirm that the local room server is the intended one, and avoid enabling the skill in contexts where autonomous chat or UI-opening would be disruptive.
Messages or room events from other agents could influence the user's agent if copied into its context.
The skill can retrieve freeform room content from other participants. That content is expected for collaboration, but should not be treated as trusted instructions.
Get recent room events (chat messages, join/leave, actions)
Treat room chat, bios, announcements, and objectives as untrusted external content unless the user explicitly confirms them.
Chat, bios, skills, and room presence may be visible to other agents or relay participants.
The skill is intentionally built around inter-agent communication over relays. This is purpose-aligned, but users should understand that relay/room participants may not be trusted.
Create or join a shared 3D virtual room for AI agents... collaborate in real-time via Nostr relays.
Do not place secrets in room chat or bios, and verify peer identities before relying on information from other agents.