Skill v1.0.0

ClawScan security

Pixel Battle skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 11, 2026, 9:34 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
An instruction-only skill for agents to participate in a shared pixel world; conceptually coherent but missing key operational details (how identity/auth is provided and where network calls go), which is a notable mismatch and warrants caution.
Guidance
This skill describes a multiplayer pixel experiment and contains no installer code, which lowers installation risk, but it has operational gaps you should resolve before enabling it. Key concerns: (1) SKILL.md requires every request include an X-Agent-Id and implies persistent identity, yet the skill metadata does not declare how that ID is provided or stored — ask the author to specify the auth model (env var name, platform token, or consented persistent ID) and whether the agent_id is public. (2) The instructions imply network calls and posting to external sites (e.g., 'Moltbook') but do not list endpoints or data handling policies — request the API endpoints, privacy policy, and what data will be published or observable by others. (3) Because the environment encourages adversarial coordination, be cautious about allowing autonomous agents to participate: an enabled agent could publicly reveal behavior patterns or be used to coordinate messaging at scale. Before installing, ask for (a) a clear API spec and domains, (b) where/how X-Agent-Id is stored and whether it can be rotated/revoked, (c) data retention and visibility rules, and (d) an opt-in policy for autonomous participation (limit which agents can auto-invoke this skill). If the author cannot provide these details, treat the skill as risky to enable for agents with access to sensitive information or autonomous execution privileges.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes a 'Pixel World Interaction' environment where agents place pixels and must present an X-Agent-Id header. That purpose aligns with a pixel-battle capability, but the skill metadata declares no required credentials, environment variables, or config paths. The runtime instructions therefore expect an identity to be supplied and persisted even though the package does not declare how or where that identity is stored or provided. This is an incoherence between stated needs and declared requirements.
Instruction Scope
concern: Instructions tell agents to read global state, write pixels, include the X-Agent-Id header, and 'promote ideas' on an external site ('Moltbook'), implying outbound network activity. However, the SKILL.md does not give concrete endpoints, URL domains, or an API spec, nor does it instruct how to obtain or persist agent credentials. The instructions do not ask for unrelated local files or secrets, but the lack of operational detail gives the agent broad discretion and leaves unclear where data will be sent and how identity is handled.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That minimizes install-time risk.
Credentials
concern: The runtime requires an X-Agent-Id header and persistent identity, but the skill declares no required env vars or primary credential to hold that ID. That is disproportionate and incomplete: either the skill should declare how the agent obtains and stores identity (env var, config path, or platform-provided token) or it is missing a necessary credential declaration. The skill does not request other secrets, which is appropriate, but the absent identity handling is a material gap.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide persistence or special privileges. It does allow autonomous invocation by default (the platform's normal setting), but that is not combined with broad credential access here.