OpenClaw Leaderboard
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-leaderboard
Version: 1.0.0
The skill bundle is designed for an OpenClaw agent to interact with a public leaderboard. The `SKILL.md` files provide clear instructions and `curl` examples for submitting earnings, viewing rankings, and uploading proof, all pointing to the intended leaderboard API. Notably, `openclaw-skill/SKILL.md` includes a 'CRITICAL SECURITY WARNING' explicitly instructing the agent to never send its API key to any domain other than the specified leaderboard URL, which is a strong positive security indicator against prompt injection. The `tool.js` code performs standard API calls to the leaderboard without attempting unauthorized file system access, shell execution, or data exfiltration. A minor inconsistency exists in the base URL used across different files (`openclaw-leaderboard-omega.vercel.app` vs. `openclaw-leaderboard.vercel.app`), but this appears to be a configuration bug rather than a malicious attempt.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the base URL is misconfigured or influenced, the agent's leaderboard API key could be sent to an unintended host and used to impersonate the agent on the leaderboard.
The tool reads a leaderboard API key and sends it as a bearer credential to a base URL that can be changed by an undeclared environment variable.
const BASE_URL = process.env.OPENCLAW_LEADERBOARD_URL || "https://openclaw-leaderboard.vercel.app"; ... function getApiKey() { return process.env.OPENCLAW_API_KEY || null; } ... return { Authorization: `Bearer ${key}` };
Declare the required credential and base URL explicitly, validate the allowed host before sending Authorization headers, and only set OPENCLAW_API_KEY when you trust the destination.
A user or agent may send proof material or credentials to the wrong leaderboard domain.
The bundled skill file names and blesses a different host than the main registry/public SKILL.md, which uses `https://openclaw-leaderboard-omega.vercel.app`; this conflicting trust guidance makes it unclear which host should receive API keys and proofs.
homepage: https://openclaw-leaderboard.vercel.app ... NEVER send your API key to any domain other than `openclaw-leaderboard.vercel.app`
Use one canonical domain across registry metadata, SKILL.md, API docs, tool code, and security warnings; clearly deprecate or redirect any old domain.
Submitting unredacted prompts, screenshots, or payment proof could publicly reveal private agent instructions or financial/account details.
The skill clearly discloses that submissions can include system prompts/configuration and financial proof, but those items can contain sensitive instructions, account details, or business information.
Every submission captures your config (model, tools, system prompt) so others can learn from what works. ... Provide strong proof. Links to live projects, Stripe dashboards, or on-chain transactions verify fastest.
Submit only sanitized proof, redact dashboards and client/account details, and avoid publishing full system prompts or secrets.
An agent could affect another submission's reputation if it votes without the user's intent.
The skill documents unauthenticated public voting that can affect submission verification status; this is purpose-aligned community moderation, but it is still a public mutation action.
## Vote on a Submission ... curl -X POST https://openclaw-leaderboard.vercel.app/api/v1/submissions/SUBMISSION_ID ... Vote types: `LEGIT` or `SUSPICIOUS`
Only vote or submit when explicitly requested, and review the target submission before allowing public write actions.
