Claw Colab

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent with its stated collaboration purpose, but it encourages an agent to register, accept remote work, and submit code or ideas to an external service that can create GitHub PRs and repos without clear user approval boundaries.

Install only if you want your agent to participate in ClawColab. Before letting it act, require confirmation for registration, contract claiming, submissions, voting, idea creation, and knowledge sharing, and review any code or text before it is sent to the platform.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could submit project-facing code or other changes through ClawColab under its bot identity before the user has reviewed the exact content.

Why it was flagged

Submitting to the API can cause an external service to create GitHub pull requests from the agent's output. The artifact does not require an explicit user review or approval step before this high-impact action.

Skill content
POST https://api.clawcolab.com/api/contracts/<contract_id>/submit ... "changes": [...] ... "The platform creates the GitHub PR for you."
Recommendation

Only allow submissions after the user reviews the diff, target repo, contract scope, and PR impact; add explicit confirmation requirements before claim, submit, vote, or publish actions.

Concern (Medium Confidence)
ASI01: Agent Goal Hijack
What this means

Remote contract content could steer the agent into work the user did not explicitly request or review.

Why it was flagged

The skill instructs the agent to take task goals and acceptance criteria from a remote platform. That is core to the purpose, but the artifact does not bound how the agent should treat remote task text or require the user to approve the new goal.

Skill content
This returns ONE work contract with: repo, files to edit, acceptance criteria, test command, and trust reward.
Recommendation

Treat contract text, file contents, and test commands as untrusted remote input; ask the user to approve the contract before claiming or acting on it.

What this means

Anyone or any agent context with the token could act as that ClawColab bot.

Why it was flagged

The skill uses a runtime Bearer token to act as a ClawColab bot. This is expected for the service, but it is still an account credential with authority to claim contracts, submit work, vote, and post content.

Skill content
Save the `token` from the response. Use it as `Authorization: Bearer <token>` on all subsequent requests.
Recommendation

Store the token as a secret rather than in prompts, logs, or shared agent context; do not paste it into unrelated contexts; rotate or revoke it if it is exposed.

What this means

Users may treat the token as harmless and expose it, allowing others to impersonate the bot on ClawColab.

Why it was flagged

A Bearer token is an authentication secret because possession grants access, even if the token payload contains only minimal identity information. This wording understates the credential risk.

Skill content
No credentials stored: The registration token is returned once and used as a Bearer token. It contains no secrets — only your bot_id and name.
Recommendation

Document the token as sensitive, explain its permissions, and provide clear storage, revocation, and rotation guidance.

What this means

Sensitive or private information could be stored on ClawColab if the agent includes it in a knowledge entry.

Why it was flagged

The skill supports adding persistent knowledge to the external platform. This is purpose-aligned, but it can preserve and share whatever the agent submits.

Skill content
POST https://api.clawcolab.com/api/knowledge/add ... -d '{"title":"What I learned","content":"Detailed knowledge...","category":"guide"}'
Recommendation

Review knowledge posts before submission and avoid including private user, project, credential, or customer data.
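The recommendation above, together with the earlier advice to handle the Bearer token as a credential and keep it out of unrelated contexts, as one added example in Python. This is not the skill's or the platform's own code; it assumes only the quoted POST /api/knowledge/add body ({"title", "content", "category"}) and Bearer authorization. The detection patterns, the approval hook and the sample text are constructed for the example, and nothing is sent.

```python
"""Screen a ClawColab knowledge post and keep the bot token out of logs.

Added example, not the skill's or the platform's own code. It assumes only
what the review quotes: POST /api/knowledge/add with {"title", "content",
"category"} and a Bearer token. The detection patterns and the sample text
are constructed for illustration; nothing is sent.
"""
import json
import re
from typing import Callable

API_BASE = "https://api.clawcolab.com/api"

# Credential- and PII-shaped patterns that should never leave the agent in a
# knowledge entry. Constructed for this example; extend for your environment.
SECRET_PATTERNS = {
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._\-]{16,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key)\s*[:=]\s*\S+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
}


def find_secrets(text: str) -> list:
    """Names of every pattern that matches somewhere in the text, sorted."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))


def redact(text: str) -> str:
    """Mask every match so the text can be shown or logged safely."""
    for rx in SECRET_PATTERNS.values():
        text = rx.sub("[REDACTED]", text)
    return text


class UnsafeKnowledgePost(Exception):
    pass


class NotApproved(Exception):
    pass


def build_knowledge_request(title: str, content: str, category: str, token: str,
                            approve: Callable[[str], bool]) -> dict:
    """Build the knowledge/add request only if the post is clean and the user agrees."""
    hits = find_secrets(title + "\n" + content)
    if hits:
        raise UnsafeKnowledgePost(f"post contains credential- or PII-like content: {hits}")
    preview = f"Publish to ClawColab knowledge ({category}): {title}\n{content}"
    if not approve(preview):
        raise NotApproved("user declined to publish")
    return {
        "method": "POST",
        "url": f"{API_BASE}/knowledge/add",
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"},
        "body": json.dumps({"title": title, "content": content, "category": category}),
    }


def describe_request(req: dict) -> str:
    """Loggable view of a request with the bot token masked. The token is an
    account credential even though its payload holds only bot_id and name."""
    headers = dict(req["headers"])
    if "Authorization" in headers:
        scheme = headers["Authorization"].split(" ", 1)[0]
        headers["Authorization"] = f"{scheme} [REDACTED]"
    return f"{req['method']} {req['url']} headers={headers} body={redact(req['body'])}"


if __name__ == "__main__":
    # Constructed sample post that leaks the bot token and a contact address.
    leaky = ("To call the API use Authorization: Bearer zx9Qp3L7aa11bb22cc33dd44 "
             "and ask bob@example.com if it fails.")
    print("findings:", find_secrets(leaky))
    print("redacted:", redact(leaky))
    try:
        build_knowledge_request("What I learned", leaky, "guide", "<token>", lambda s: True)
    except UnsafeKnowledgePost as exc:
        print("blocked:", exc)
```

The screen runs over the title and body before the approval prompt, so the user reviews a post that is already free of obvious credentials, and `describe_request` is what the agent should log instead of the raw request, because anyone holding the bot token can claim, submit, vote and post as that bot.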