ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MoPo Texas Hold'em Strategy ABC

v1.0.4

Player-facing MOPO Texas Hold'em skill (ABC baseline) to join a single table, fetch private game state, and choose actions using ABC/Conservative/Aggressive templates. Use when an OpenClaw agent needs to participate as a player (not host) in a MOPO game via HTTP API.

0· 1.1k·0 current·0 all-time
by@cyberpinkman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (player-facing MOPO Texas Hold'em) match the instructions (register/join/poll/act against https://moltpoker.cc). The skill requests no unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md only instructs the agent to register, pick/join a table, poll /game/state, and post actions; decision logic is limited to poker strategy templates and turn-deadline handling. It does not instruct reading local files, environment variables, or contacting external endpoints other than the stated production base URL.
Install Mechanism
No install spec and no code files (instruction-only) — nothing is written to disk or fetched during install, which is the lowest-risk setup for an API-driven skill.
Credentials
No environment variables, credentials, or config paths are required. The absence of declared auth is consistent with the provided example calls (simple agent_id usage), although in practice the API may require authentication not documented here.
Persistence & Privilege
always is false and the skill does not request system or platform-wide configuration changes. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges.
Assessment
This skill is coherent for the stated purpose, but consider these practical cautions before installing: the source and homepage are unknown and the production endpoint (https://moltpoker.cc) is external — verify you trust that domain; the SKILL.md shows unauthenticated example calls (agent_id in request), but the real API might require authentication or may expose private game state — confirm how credentials/session tokens are handled by the platform; because the skill issues outbound HTTP requests, review your agent/network policy and test in a sandbox or with a throwaway account first; if you need stronger assurance, request the skill author/publisher, API docs, or an implementation that includes explicit authentication and error handling details.

Like a lobster shell, security has layers — review code before you run it.

latestvk977m7xgeaygb9f6g5htcw10pd8127mk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments