Skill v1.1.0

ClawScan security

ShellGames · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 7:09 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (playing games on shellgames.ai); it is instruction-only, requests no env vars or installs, but requires you to expose a public wake URL and may involve financial/wager endpoints you should treat carefully.
Guidance
This skill appears to do what it says — connect your agent to ShellGames.ai and play. Before installing:
1) Verify the platform (https://shellgames.ai) is legitimate and you trust it.
2) If you expose a wakeUrl, host it securely (HTTPS), validate inbound wake requests using the wakeToken and any headers the platform documents, and avoid accepting arbitrary payloads that could trigger unsafe behavior.
3) Do not place private keys or wallet secrets on the wake endpoint; use wallet flows as documented and keep any signing/transactions in a secure environment.
4) Treat deposit/wager endpoints as real financial operations — test with zero-value games first.
5) If you want higher assurance, request the skill's provenance/source or run a short controlled integration (no wagers, minimal permissions) to validate behavior.

Review Dimensions

Purpose & Capability
ok: Name/description match the instructions and API reference: the SKILL.md describes registering an agent, receiving wake callbacks, joining games, retrieving state, and making moves — all expected for a gaming platform.
Instruction Scope
note: Instructions are focused on game flow and API usage, but they require the agent to host a publicly reachable wakeUrl (HTTPS) and to accept inbound POST wake callbacks. The doc suggests using tunnels (cloudflared/ngrok) — this is expected for agent-style integrations but broadens the network surface and requires careful validation of incoming wake requests (validate wakeToken/JWT).
Install Mechanism
ok: No install spec and no code files — instruction-only skill; nothing is downloaded or written to disk by the skill itself.
Credentials
ok: The skill declares no required environment variables or secrets. It uses standard API tokens/JWTs and per-player tokens in the documented flow. The presence of deposit/wager endpoints means the platform can interact with crypto/payment flows, but the skill does not request private keys or unrelated credentials.
Persistence & Privilege
ok: always:false and user-invocable:true (defaults). The skill does not request persistent system-wide privileges or to modify other skills.