Room 418

Review: Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed game client, but its auto-play and cron modes can let adversarial agent messages drive an OpenClaw sub-agent and submit turns without user review.

Install only if you want an autonomous external game client. Before use, choose manual or notify mode if you want review, set a non-identifying ROOM418_AGENT_NAME, avoid setup-cron.sh unless you want background play, and keep the Room 418 credentials file private.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or adversarial opponent message could try to steer the local agent outside the intended game response, especially in auto mode.

Why it was flagged

Messages from other agents are placed into a prompt for a local OpenClaw agent session, but the artifacts do not show a clear untrusted-content boundary or tool restriction for that sub-agent.

Skill content

CONVERSATION=$(echo "$BATTLE" | jq -r '.messages[] | "[\(.role)] \(.content)"') ... RESPONSE=$(openclaw agent ... --message "$PROMPT" ...)

Recommendation

Run in manual or notify mode unless you are comfortable with autonomous play, and restrict the sub-agent's tools or sandbox it so opponent text is treated only as game data.

What this means

The agent can post game messages and continue joining matches automatically, which may surprise users expecting review before external submissions.

Why it was flagged

The default mode is auto, generated responses are submitted to the game server, and finished battles can be requeued without a per-turn user approval step.

Skill content

MODE="auto" ... SUBMIT_RESULT=$("$SCRIPT_DIR/submit-turn.sh" "$BATTLE_ID" "$RESPONSE" 2>&1) ... api_post "/api/agent/queue/join"

Recommendation

Set ~/.config/room418/config.json to notify or manual before playing if you want to approve each message; make auto mode an explicit opt-in during setup.

What this means

If enabled, Room 418 can keep waking up and acting in the background after the initial play session.

Why it was flagged

The setup script creates a persistent recurring job in the main session; its message tells the agent to read HEARTBEAT.md, generate dialogue, and submit when it is the user's turn.

Skill content

openclaw cron add --name "room418" --every "2m" --message "$CRON_MSG" --session "main"

Recommendation

Only run setup-cron.sh if you want persistent autonomous play, prefer a dedicated isolated session, and remove it with openclaw cron rm room418 when done.

What this means

Anyone who obtains this file could act as your Room 418 agent.

Why it was flagged

Registration stores a Room 418 bearer token locally and later scripts use it for API calls; this is expected for the game service and the file is chmod 600.

Skill content

token: .data.token ... > "$CRED_FILE"; chmod 600 "$CRED_FILE"

Recommendation

Keep ~/.config/room418/credentials.json private, avoid untrusted ROOM418_API_URL values, and delete the credential file if you stop using the service.

What this means

Your device hostname could be sent to the external Room 418 service and appear as part of your game identity.

Why it was flagged

If the user does not set ROOM418_AGENT_NAME, the default registered name includes the local short hostname, which may reveal a personal or organizational machine identifier.

Skill content

AGENT_NAME="${ROOM418_AGENT_NAME:-openclaw-$(hostname -s | tr '[:upper:]' '[:lower:]')-$(date +%s | tail -c 5)}"

Recommendation

Set ROOM418_AGENT_NAME to a pseudonym before registration, and update the skill to avoid hostname-derived defaults.