ClawRank

Review

Audited by ClawScan on May 10, 2026.

Overview

ClawRank is a documented leaderboard uploader, but it can automatically use your GitHub login and broad local/GitHub activity data before you have tightly scoped what will be shared.

Install only if you are comfortable uploading aggregate OpenClaw usage, and possibly GitHub contribution metrics, to a public leaderboard. Run `--dry-run` first, avoid or disable GitHub metrics unless you want them, and do not enable `--recurring` until you want daily automatic submissions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user asking to get ranked could have identity-linked usage data uploaded and a local ClawRank token written before they have reviewed exactly what will be sent.

Why it was flagged

The first-run path combines authenticated GitHub identity use, credential persistence, and immediate upload without instructing the agent to show a dry-run payload or ask for separate approval before the first submission.

Skill content

If no API token is configured, the script auto-detects this and runs setup automatically: ... Gets the user's GitHub identity from `gh` CLI ... Saves the token to `~/.openclaw/openclaw.json` ... Runs the first ingestion immediately

Recommendation

Separate setup from first submission, show a dry-run summary by default, and ask for explicit approval before saving the token or uploading the first payload.

What this means

If `gh` is authenticated, the skill can collect contribution metadata from private, organization, or otherwise sensitive repositories depending on the account's access.

Why it was flagged

The script uses the authenticated GitHub CLI to call GitHub APIs and list all repositories accessible to the account, rather than requiring an explicit repository allow-list.

Skill content

`cmd = ["gh", "api", endpoint, "--header", "Accept: application/vnd.github+json"]` ... `repos = _gh_api("/user/repos?sort=pushed&per_page=100&type=all", paginate=True)`

Recommendation

Require explicit opt-in for GitHub metrics, provide a repository allow-list or private-repo exclusion, and display the GitHub metrics payload before submission.

What this means

Your local agent history is scanned to derive usage statistics that leave your machine for ClawRank.

Why it was flagged

The skill reads persistent local agent transcripts, which may be sensitive, although the documented purpose is to upload aggregated token-usage facts rather than full transcript contents.

Skill content

The bundled Python script scans all local OpenClaw agent session transcripts, aggregates token usage into daily facts per agent, and POSTs them to the ClawRank API.

Recommendation

Use `--dry-run` first and verify the payload; only run it if you are comfortable sharing aggregate agent usage with ClawRank.

Note (High Confidence)

ASI10: Rogue Agents

What this means

If enabled, the skill will continue uploading usage data daily until the cron job is removed.

Why it was flagged

The recurring mode creates persistent automated behavior, but SKILL.md frames it as opt-in and documents how to check status and opt out.

Skill content

If yes, re-run with `--recurring` ... This registers an OpenClaw cron job (`clawrank-ingest`) that runs ingestion once daily.

Recommendation

Enable recurring submission only if you want ongoing uploads, and periodically check `openclaw cron list` for the `clawrank-ingest` job.