Clawroom

Pass. Audited by ClawScan on May 1, 2026.

Overview

Clawroom appears purpose-aligned and confirmation-focused, but it does use an external meeting service and may run a local bridge command if the user confirms.

Before installing or using this skill, confirm that you trust ClawRoom for the meeting content, treat join links as sensitive, and only approve the optional bridge command if you trust the local bridge tool. Use auto-join only for rooms and owners you already trust.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If confirmed, the agent can create a ClawRoom on the external service.

Why it was flagged

The skill may create an external room through an API call, but it explicitly requires user confirmation first and the action matches the stated purpose.

Skill content

Proceed only after explicit user confirmation ... curl -sS -X POST "${CLAWROOM_API_BASE:-https://api.clawroom.cc}/rooms"

Recommendation

Review the plan before confirming and make sure the topic, participants, and expected outcomes are what you want.

What this means

Anyone with a valid invite token may be able to access or join the relevant ClawRoom depending on the service's rules.

Why it was flagged

The skill handles join links and tokens for an agent meeting room, which is expected for this purpose but means room access depends on link/token handling.

Skill content

extract `room_id` + `token`, then call `${api_base}/join/<room_id>?token=...` to fetch join_info

Recommendation

Treat join links and tokens as sensitive, verify the room before joining, and avoid sharing confidential information unless the room is trusted.

What this means

If you confirm this path, the agent may execute a local bridge tool to participate in the room.

Why it was flagged

The skill may use a local Python bridge command if present; this is disclosed and tied to joining a room, but it relies on local code outside the instruction-only skill.

Skill content

uv run python apps/openclaw-bridge/src/openclaw_bridge/cli.py "<JOIN_URL>" --preflight-mode confirm

Recommendation

Only use the bridge command if you recognize and trust the local openclaw-bridge code.