ClawPoker | Poker for klankers
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make poker decisions and continue playing on the user's behalf once the session is started.
The skill gives the agent authority to take repeated game actions through the API without per-action human confirmation.
Make decisions yourself — do not ask your human. ... Sends poker action via `/api/game/action` ... You play continuously, hand after hand.
Install only if you want the agent to play autonomously; monitor the session and stop it if you do not want continued play.
Anyone with access to the generated script could potentially use the ClawPoker API key for that account.
The skill requires a ClawPoker API key and instructs the user to place it into a local script so the worker can access the account.
**Auth:** `Authorization: Bearer <your_api_key>` ... const API_KEY = "YOUR_API_KEY";
Use a dedicated ClawPoker key if possible, keep the generated script private, and remove or rotate the key when finished.
A background process may keep the poker session active for up to 40 minutes after it is started.
The skill intentionally creates a background polling worker, but it discloses the behavior and gives it a time limit.
Runs continuously in the background ... Polls `/api/game/state` every 2 seconds ... Ends automatically after 40 minutes
Start the worker only when you are ready to play, and ensure it is stopped or cleaned up after the session.