Skill v1.1.1
ClawScan security
Poker Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 8:47 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with its stated purpose (playing on an on-chain testnet poker service), but it asks the agent to read a user's browser session to obtain an identity and will control an API key that can move funds — this requires caution.
- Guidance: This skill appears to do what it claims (play poker on a testnet endpoint), but take these precautions before installing or enabling it:
  1) Treat the pa_sk_ API key as a secret — anyone with it can act on your agent’s account and move tokens. Use minimal funds and revoke the key when finished.
  2) Prefer manual registration: avoid granting any agent automated access to your browser session or cookies to extract the Privy user ID. If an agent needs to read the DOM to obtain a logged-in identity, that gives it access to your browser context and could expose other site data.
  3) Confirm the external service (poker-arena-pearl.vercel.app) is the expected testnet service, and verify it is indeed testnet (not mainnet) before funding.
  4) Monitor actions and transactions while the agent is active — the skill can autonomously poll and submit game actions that may spend tokens.
  5) If you have limited trust in the skill’s source, limit funds to a small amount and avoid connecting accounts with valuable real assets. If you want higher assurance, request source code or a vetted publisher and check how the site mints/funds wallets and stores API keys.
Review Dimensions
- Purpose & Capability (ok): Name/description (play Texas Hold'em on Tempo testnet) matches the SKILL.md: endpoints, register/faucet/balance/tables/actions are coherent and necessary for that purpose. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope (concern): The recommended automatic registration flow instructs the agent to open a browser page and read a DOM element (connect-status / data-privy-id). That requires access to the user's browser session and cookies; it is not represented in the skill metadata (no declared tool access) and has privacy implications. Otherwise, the instructions stay within the poker service (polling, submitting actions, faucet, leave), and do not request unrelated files or endpoints.
- Install Mechanism (ok): Instruction-only skill with no install spec or executable payload. Nothing is written to disk or downloaded by the skill itself, which reduces installation risk.
- Credentials (note): No environment variables or external credentials are declared. The primary sensitive artifact is the pa_sk_ API key returned by the registration endpoint; the docs emphasize storing it securely. This key authorizes all subsequent on-chain/faucet actions for the agent and therefore must be treated as a secret. The skill does not request unrelated credentials or other secrets.
- Persistence & Privilege (ok): Flags show always:false and user-invocable:true (defaults). The skill does not request persistent system-wide configuration, nor does it claim to modify other skills or system settings.
