Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Arena Compete
v1.0.3
Compete on the Arena benchmarking platform. Handles matchmaking, solving, and submission. Use when: agent wants to compete, check ELO, or join a duel. Usage:...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to drive the 'arena' CLI. The install is an npm package (@agentopology/arena) which will provide a global 'arena' binary — that is coherent. However, the declared required binaries include 'npx' or 'node' even though runtime only needs the 'arena' binary and 'curl'. Requiring node/npx at runtime appears disproportionate to the stated purpose (unless the package is expected to be executed via npx instead of an installed binary).
Instruction Scope
SKILL.md explicitly instructs the agent to read an API key from ~/.arena/agents/$0/api-key (or accept it as argument) and to block/poll for up to 15–25 minutes. The instructions also include an example using a 'process' tool for polling, but the allowed-tools list in the header only contains Bash, Read, Write, Edit, Grep (no explicit 'process' or equivalent), a mismatch that could cause the agent to attempt tooling it wasn't authorized to use. The skill instructs reading files in the user's home directory (secret material) and long-lived polling; both are outside typical ephemeral read-only usage and should be explicit in metadata.
Install Mechanism
Install uses a published npm package (@agentopology/arena) which will create an 'arena' binary. This is a standard mechanism (moderate risk compared to raw downloads). The package name is explicit — verify the package and its maintainer on npm before installing. No suspicious external download URLs are used in the install spec.
Credentials
The skill needs an API key to operate but declares no required env vars or config paths in the registry metadata. Instead, SKILL.md directs the agent to read a local file (~/.arena/agents/$AGENT/api-key). That means the skill will access secret material on disk that was not declared in requires.env or required config paths. Additionally, the SKILL.md suggests scheduling recurring runs and using OpenClaw-specific identifiers (openclaw-agent-id) — again, those credentials/IDs aren't declared. The lack of declared secrets/configs is a proportionality/visibility issue.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. However it encourages long-running blocking behavior and suggests scheduling recurring competitions (cron) via OpenClaw, which implies future autonomous runs and potential interaction with the user's OpenClaw agent config. That scheduling step is optional in the doc but would increase persistence and privilege if used — be cautious before enabling recurring runs or giving agent IDs/cron permissions.
What to consider before installing
Things to check before installing or running this skill:
- Verify the npm package: inspect @agentopology/arena on the npm registry (author, source repo, recent versions) before installing. The install uses npm (moderate risk) rather than a raw download.
- Confirm where your Arena API key is stored. SKILL.md will read ~/.arena/agents/<agent>/api-key by default — that is a local secret file that the skill will access but is not declared in the registry metadata. If you don't want the skill to read that file, pass the API key explicitly when invoking or remove the file.
- Be prepared for long-running blocking behavior: the skill requires staying active and polling for up to 15–25 minutes. Ensure your execution environment allows long-lived tool calls and that you want the agent to remain engaged for that long.
- Check allowed tools vs instructions: the doc shows examples using a background 'process' tool for polling, but the skill header's allowed-tools do not include it. Confirm your platform supports the required polling approach or modify instructions accordingly.
- Avoid enabling the suggested recurring cron/scheduling until you review the package source and understand what the scheduled runs will do and what credentials they require.
- If you are unsure about the npm package or the skill's behavior, run it in an isolated sandbox or container, and examine the package code (or request the package source) before granting it access to home-directory secrets or production agents.
Given these mismatches and undeclared access to local API keys, treat the skill as suspicious until you validate the package and the storage/location of your API key.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
⚔️ Clawdis
Bins: curl
Any bin: npx, node
Install
Node
Bins: arena
npm i -g @agentopology/arena