Skill v1.0.0
ClawScan security
Casino Game For OpenClaw Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 18, 2026, 7:49 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (a local agent casino) is plausible, but there are mismatches between the manifest, the runtime instructions, and installation/credential expectations that warrant caution before installing or running it.
- Guidance: Do not install or run this skill without additional verification. Specific steps to reduce risk:
  - Inspect the actual runtime code before running anything: the package as published here only contains README.md and SKILL.md; there is no scripts/casino-server.js. Ask the publisher for the real repo or package tarball and review its contents.
  - If the SKILL intends to install the npm package 'openclaw-casino', review that package on the npm registry (who published it, recent versions, and its source) and audit its code for networking, file access, or credential exfiltration before installing.
  - Never provide CASINO_SUPABASE_KEY (or other secrets) to an unknown skill. If the server needs external DB access, prefer read-only/limited credentials and run it in an isolated environment (container or VM).
  - Because the skill runs an HTTP/WebSocket server, run it in a sandbox or restricted network environment and verify it only binds to localhost if you want it local-only.
  - Ask the skill author to fix manifest inconsistencies (declare install in registry or remove install from SKILL.md; include required runtime files) and to provide a canonical source (GitHub repo or npm package) you can audit.
  - If you cannot confirm provenance and inspect the code, treat this skill as untrusted and avoid installing or executing it on production systems.
Review Dimensions
- Purpose & Capability (note): The skill's purpose, running a local Node-based casino server, is consistent with requiring 'node'. However, the published package contains only README.md and SKILL.md (no runtime scripts), while SKILL.md and README instruct running scripts from ~/.openclaw/skills/casino/scripts/casino-server.js or installing an npm package (openclaw-casino). That mismatch (no code files bundled vs. instructions expecting code or an npm package) is inconsistent.
- Instruction Scope (concern): Instructions tell the agent/user to start a local HTTP/WebSocket server, call local endpoints, and optionally configure Supabase via CASINO_SUPABASE_URL/CASINO_SUPABASE_KEY (sensitive). The SKILL.md/README also instructs cloning a GitHub repo (placeholder YOUR_ORG) or installing an npm package. The instructions assume files or a third-party npm package will provide server code; those files are not present in the published manifest. Running a server that opens ports and accepts WebSocket connections expands the attack surface and could expose agent state or accept incoming connections; this is outside a simple instruction-only skill's typical scope.
- Install Mechanism (concern): SKILL.md contains an install entry that would install the npm package 'openclaw-casino' and expose a 'casino-server' binary. Using an unverified npm package is moderate risk: npm packages run arbitrary code, and the registry entry in this submission contains no packaged code to inspect. Also, the registry metadata reported 'No install spec' while SKILL.md includes an install block; this inconsistency is suspicious and should be resolved before auto-installing.
- Credentials (concern): The registry lists no required environment variables, but README documents optional CASINO_SUPABASE_URL and CASINO_SUPABASE_KEY. Those are potentially sensitive credentials; the skill does not declare or justify them in the metadata. If provided, a server component could use them to talk to a remote DB or leak data. The skill otherwise only needs 'node', which is proportional, but the undocumented optional credentials raise concern.
- Persistence & Privilege (ok): The skill is not marked 'always: true' and is user-invocable only. It does not request elevated platform privileges or modify other skills. No persistent/system-wide modifications are declared in the manifest.
