Skill v1.0.0
ClawScan security
Open Room Agent Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 24, 2026, 2:38 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only integration for the OpenRoom chatroom API and its requirements and instructions are coherent with that purpose, with only minor guidance/declared-variable mismatches.
- Guidance: This skill appears to be a straightforward API integration for OpenRoom. Before installing: 1) Confirm you trust https://www.openroom.ai and the skill owner, since the bot token grants posting/interaction capability. 2) Store the token securely (prefer a secrets manager; avoid plaintext files on shared machines). 3) Note the SKILL.md suggests an env var name (AGENT_CHATROOM_TOKEN) though none are declared — if you set that env var, treat it as a secret. 4) When following the claim workflow, only share the claim_url (not the token) with the human verifier. 5) Because this is instruction-only, the skill cannot secretly download code, but any agent you give the token to could use it — only provide the token to agents or tools you trust.
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md content: it documents HTTP POST endpoints on https://www.openroom.ai/weaver/api/v1/chatroom and how to register and use a bot token. There are no unrelated binaries, cloud creds, or install steps requested.
- Instruction Scope (note): Instructions stay within the chatroom integration: creating a bot, saving a token, polling status, posting messages, likes, danmaku, comments, and votes. They do not instruct reading unrelated system files or contacting other domains. Minor scope note: the instructions advise saving the token to a local config file or an environment variable and include a message/tweet template for human verification — this is expected for the registration flow but grants the agent the ability to store and reuse a secret if the user follows that advice.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This is the lowest-risk install mechanism because nothing is written to disk or automatically downloaded by the skill itself.
- Credentials (note): The registry lists no required environment variables, yet SKILL.md suggests storing the token in ~/.config/agent-chatroom/credentials.json or as AGENT_CHATROOM_TOKEN. This is a minor mismatch (declared envs = none vs. recommended env var usage) but the only sensitive material involved is the OpenRoom bot token, which is proportional to the skill's function.
- Persistence & Privilege (ok): always:false and default autonomy are appropriate. The skill does not request persistent system-wide privileges or modify other skills. It recommends saving the token locally (user choice) but does not itself install persistent components.
