are.na claw
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is understandable, but the main CLI program that would handle API tokens and account changes is missing/unverified, so users should review it before installing.
Treat this as a review-needed install. The are.na integration itself is reasonable, but do not enter an API token or run the installer until the missing `arena` script is supplied from a trusted source and you have checked that it only talks to are.na and stores tokens as documented.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail to install as packaged, or the user may need to obtain and run unreviewed code before entering an API token.
The installer copies a core `arena` executable, but the supplied file manifest does not include that executable. The SKILL.md also describes `arena` as the main single Python script, so the code that would handle tokens and API actions is absent from review.
cp "$SCRIPT_DIR/arena" "$BIN_DIR/arena"
Do not install or authenticate until the actual `arena` script is included in the reviewed package or a trusted, pinned source is provided and inspected.
Anyone or anything that can read those local token files may be able to access the associated are.na account according to the token’s permissions.
The skill uses an are.na API token and stores it persistently. This is expected for the stated API-wrapper purpose, but it is sensitive account authority and is not reflected in the registry credential metadata.
arena auth YOUR_API_TOKEN ... Tokens are stored locally: - Single account: `~/.arena_token` - Multi-account: `~/.openclaw/.arena_tokens`
Use the least-privileged token available, protect the token files, and remove them during uninstall if you no longer need the skill.
If invoked with the wrong arguments or without user review, the CLI could add or create are.na content the user did not intend.
The agent is scoped to the `arena` CLI, but documented subcommands can add blocks and create channels. These actions are purpose-aligned, but they can mutate a third-party account.
allowed-tools: Bash(arena:*) ... `arena add image https://example.com/image.jpg --channel my-channel` ... `arena create "my-channel"`
Require clear user direction before running add/create commands, and verify channel names, URLs, and account selection before executing.
A user may mistakenly believe the skill never writes files, even though authentication creates or updates token files.
This wording is imprecise because the same artifact says the CLI stores tokens in local files. The token storage is disclosed elsewhere, but this claim could understate persistent local writes.
allowed-tools: Bash(arena:*) - No file writes, no exec beyond curl
Clarify that the skill writes only its documented token files and any user-directed outputs, if applicable.
