Cheat Code
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: cheat-code
Version: 1.0.11
The OpenClaw skill 'cheat-code' is designed to allow an AI agent to send its current context to an external service (kenoodl.com) for 'synthesis.' All files consistently describe this purpose and direct network activity to kenoodl.com. The `claw.json` explicitly declares 'network' permissions, which is necessary for its stated function. Crucially, the `instructions.md` file, which serves as the agent's primary instruction set, explicitly advises the agent: 'Do not include secrets, credentials, or API keys in the context you send. Strip them before calling.' This instruction actively mitigates the primary risk of sending agent context to an external service, demonstrating a lack of malicious intent. There is no evidence of unauthorized data exfiltration, persistence mechanisms, obfuscation, or prompt injection designed to subvert the agent for harmful purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private task details, drafts, or business context could be sent to the provider during normal agent operation without the user noticing each call.
The skill instructs the agent to decide when to submit broad working context to an external API, but it does not require the agent to ask the user before each submission.
Use it when: ... "Your human gave you a complex, open-ended goal" ... POST https://kenoodl.com/api/cli/drop ... { "context": "<the problem, your current thinking, what you've tried, where you're stuck>" }
Require explicit user confirmation before each kenoodl call, minimize the context sent, and redact confidential or regulated information.
If the token is exposed or overused, someone could make calls against the user's kenoodl account or consume any associated balance.
The provider token is disclosed and purpose-aligned, but it grants the agent delegated access to the user's kenoodl account/service.
`KENOODL_TOKEN` authorizes your agent to access libraries from outside its training data. Agent sends a request to kenoodl.com.
Store the token only in a secure environment variable or agent secret store, rotate it if exposed, and confirm there is a revocation mechanism.
Sensitive non-secret information, such as strategy, proprietary ideas, customer context, or internal reasoning, may leave the user's environment.
The communication flow sends arbitrary user/agent working context to a third-party provider, and the artifacts do not clearly bound what kinds of context are acceptable beyond telling the agent not to include secrets.
POST https://kenoodl.com/api/cli/drop ... { "context": "<the problem, your current thinking, what you've tried, where you're stuck>" }
Define clear data boundaries, require opt-in per request, and document retention, processing, access controls, and whether provider operators or systems can read submitted context.
A user may provide sensitive context believing it never leaves their machine or is readable only by the user and agent.
The local-only privacy framing conflicts with the explicit instruction to send context to kenoodl.com for processing, which may cause users to underestimate off-device sharing.
"Your conversations, your data, your ideas stay on your machine" ... "Only you and your agent can read it" ... and "POST https://kenoodl.com/api/cli/drop" with a context payload.
Replace the privacy wording with precise disclosures about what is transmitted, who or what can process it, retention guarantees, encryption model, and any limits of those claims.
