Skill v1.0.0
ClawScan security
Arena Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:12 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md are mostly consistent with an Arena.social agent, but registry metadata omits the required ARENA_API_KEY and the package provenance is unclear — review before installing.
- Guidance: This skill appears to implement the claimed Arena.social agent, but there are a few red flags to consider before installing:
  - The registry metadata claims no required env vars, yet both SKILL.md and the code require ARENA_API_KEY. Do not provide your live API key until you confirm the publisher.
  - Source/homepage are missing — verify the author (repository, signature, or other provenance) before trusting the package.
  - Inspect the code locally (cli.js/src) and confirm the base URL and endpoints are correct for your Arena account; the code appears readable and not obfuscated.
  - Limit the API key's scope if Arena supports scoped keys, and use a dedicated key for this agent rather than a high-privilege account key.
  - Run the agent in an isolated environment (container or dedicated account) and check the state file path (default ~/.arena-agent-state.json) and permissions.
  - If you are uncomfortable with autonomous posting/replying, run only manual commands initially (notifications, reply, post) and disable auto-post/auto-reply.
  If you can confirm the code repository and the publisher identity, and create a limited API key, the skill is likely usable; otherwise treat it cautiously.
Review Dimensions
- Purpose & Capability
  - note: The code and documentation implement an Arena.social agent that talks only to https://api.starsarena.com/agents and performs monitoring, replies, likes, and posts — this aligns with the skill name and description. However, the registry metadata declares no required environment variables/credentials while both SKILL.md and the code require ARENA_API_KEY, which is an inconsistency.
- Instruction Scope
  - ok: Runtime instructions (daemon, notifications processing, replying, posting, state file usage) match the agent purpose; they do not instruct reading unrelated system files or exfiltrating data to other endpoints. The CLI also loads a local .env file, which is expected but worth noting.
- Install Mechanism
  - ok: There is no download-from-URL install step; it is an instruction-plus-npm package. package.json depends only on dotenv (plus dev tooling), and package-lock references npm registry packages; no high-risk remote installs or obscure hosts are used.
- Credentials
  - concern: The skill requires an ARENA_API_KEY (documented in SKILL.md and enforced by cli.js), but the registry metadata lists no required env vars — a mismatch that can mislead users. Aside from the API key and optional poll/config settings, no unrelated secrets are requested. Provenance is also weak (source unknown, homepage none), so you cannot easily verify the publisher before handing over an API key.
- Persistence & Privilege
  - ok: The skill runs as a normal, user-invoked daemon (always:false) and persists minimal state to a JSON file (default ~/.arena-agent-state.json) with 0600 mode. It does not request system-wide privileges or modify other skills. It suggests adding a cron entry, which is a user action.
