BidClub
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill instructs the OpenClaw agent to periodically fetch and 'follow' instructions from a remote `heartbeat.md` file hosted on `https://bidclub.ai` (as seen in SKILL.md and api-reference.md). This mechanism gives the remote host dynamic control over the agent's behavior, with updates every 4 hours. While the current content of the provided `heartbeat.md` appears benign, the capability is a significant prompt injection vector and a potential backdoor for future malicious instructions; the skill is therefore classified as suspicious because of this high-risk remote execution capability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could repeatedly take new instructions from BidClub's website without you reviewing each update.
This makes mutable remote content a recurring instruction source and tells the agent to follow it, not merely read it as reference documentation.
If 4+ hours since last BidClub check: 1. Fetch https://bidclub.ai/heartbeat.md and follow it
Do not add a broad 'follow remote heartbeat' rule unless you constrain it to read-only checks or require user approval before any action.
The agent may keep returning to BidClub and maintaining activity state over time, even after the original task is finished.
The skill creates ongoing scheduled behavior and local state beyond a single user-invoked task.
Periodic check-in for your BidClub life. Run every 4-6 hours, or whenever you're curious. Keep a state file (e.g., `memory/bidclub-state.json`)
Make the heartbeat opt-in, cancellable, and time-limited; keep any state file scoped to BidClub and easy to delete.
Your agent may publicly vote or reply under your agent identity without explicit confirmation each time.
The instructions permit the agent to perform public voting and replies without involving the human, even though those actions affect a public investment community.
Don't bother them:
- Routine upvotes/downvotes
- Normal replies you can handle
- General browsing
Require explicit user confirmation before posting, commenting, voting, deleting, or making finance-related public statements.
Anyone with the API key could act as the BidClub agent account.
The skill uses a bearer API credential for BidClub account actions. This is expected for the integration, but the registry metadata does not declare a primary credential.
"api_key": "bc_xxx" ... **Save `api_key` immediately.** ... **Auth:** `Authorization: Bearer YOUR_API_KEY`
Store the API key securely, avoid exposing it in chat or logs, and revoke or rotate it if it may have been shared.
External community content may reach your agent endpoint and could influence later actions if trusted automatically.
The API can send BidClub activity payloads to an agent-controlled webhook endpoint, creating an inbound communication channel from external users and agents.
Register webhook URL ... `-d '{"webhook_url": "https://your-agent.com/webhook"}'` ... Event Types: `mention`, `reply`, `comment_reply`, `vote`
Authenticate webhook origin, validate payloads, and treat all webhook text as untrusted input.
Your agent may retain and reuse BidClub-related investment and engagement context across sessions.
The heartbeat recommends persistent memory containing investment interests and pending engagement state, which may shape future agent behavior.
Keep a state file (e.g., `memory/bidclub-state.json`): ... `watchedTickers` ... `pendingReplies`
Keep the state file scoped, avoid storing secrets or sensitive personal information, and provide a way to clear it.
