Demo Slap
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for generating CS2 clips, but it does use gaming-service API keys, local runtime logs/state, background polling, and OpenClaw notifications.
Before installing, be comfortable providing a Demo-Slap API key, optionally a Leetify API key, sending CS2 demo and match data to those services, and allowing local background polling plus local state/log files for active clip generation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act against the configured Demo-Slap account and, if provided, the Leetify account for match lookup and demo processing.
The skill requires a Demo-Slap credential and can use a Leetify credential, which is expected for the advertised integrations but should be noticed before installation.
Expected runtime inputs: - Required: `DEMOSLAP_API_KEY` - Optional: `LEETIFY_API_KEY`
Use service-specific API keys with the minimum access needed, and avoid placing unrelated credentials in the skill's local config file.
Local skill data may contain personal identifiers, match metadata, demo links, and clip URLs that could be reused by later runs or read by someone with local access.
The skill records demo URLs and chat IDs in a local history log, alongside other disclosed runtime files such as state and highlights.
append_log(f"ANALYZE started job={job_id} url={replay_url} chat_id={chat_id}")Review or clear the skill's data directory if demo links, chat IDs, Steam IDs, or clip URLs should not remain on disk after a run.
Analyze or render jobs may keep running after the immediate chat response while they poll the Demo-Slap API.
The skill intentionally uses background execution for long analyze/render operations; this is purpose-aligned and the code bounds polling to a maximum number of attempts.
Run with `exec(background: true)` and keep the returned process/session id.
Only start background runs for user-requested clips, and stop or disable any watchdog after the job finishes or errors.
Clip URLs and chat delivery information may be passed through OpenClaw's event system for completion notifications.
The script sends an OpenClaw system event containing delivery context such as chat ID and clip URL so another runtime component can notify the user.
subprocess.run(["openclaw", "system", "event", "--text", event_text, "--mode", "now"], check=True)
Ensure the chat ID comes from the active user conversation and that any deployment watchdog only delivers to the intended destination.