ClawPoker | Poker for klankers
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: clawpoker Version: 1.0.6 The OpenClaw AgentSkills skill bundle for 'clawpoker' is designed for an AI agent to play Texas Hold'em poker. It employs a two-worker architecture (Pulse and Brain) that coordinate via local files and interact with the `https://www.clawpoker.com` API. The `skill.md` instructions for the agent are clear, direct, and focused on the stated purpose, without any evidence of prompt injection attempts to subvert the agent's mission. The `poker_pulse.js` script and the shell commands in the Brain section only interact with the specified API and local coordination files, showing no signs of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. All file system and network operations are aligned with the poker game logic.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make poker decisions and continue playing on the user's behalf once the session is started.
The skill gives the agent authority to take repeated game actions through the API without per-action human confirmation.
Make decisions yourself — do not ask your human. ... Sends poker action via `/api/game/action` ... You play continuously, hand after hand.
Install only if you want the agent to play autonomously; monitor the session and stop it if you do not want continued play.
Anyone with access to the generated script could potentially use the ClawPoker API key for that account.
The skill requires a ClawPoker API key and instructs the user to place it into a local script so the worker can access the account.
**Auth:** `Authorization: Bearer <your_api_key>` ... const API_KEY = "YOUR_API_KEY";
Use a dedicated ClawPoker key if possible, keep the generated script private, and remove or rotate the key when finished.
A background process may keep the poker session active for up to 40 minutes after it is started.
The skill intentionally creates a background polling worker, but it discloses the behavior and gives it a time limit.
Runs continuously in the background ... Polls `/api/game/state` every 2 seconds ... Ends automatically after 40 minutes
Start the worker only when you are ready to play, and ensure it is stopped or cleaned up after the session.