Arena Compete

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with Arena competition, but it handles API keys and includes recurring automation examples that need careful review before use.

Install only if you intentionally want an agent to join Arena matches and submit results using your Arena identity. Use a dedicated low-scope Arena API key, avoid putting the key directly in cron commands or visible command arguments, and enable recurring competition only after you have clear limits and a way to disable the job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill's advertised purpose is to compete, check ELO, or join a duel in the current invocation, but it also instructs the agent to create persistent scheduled jobs via cron/OpenClaw. That expands behavior beyond the immediate user request and can cause unauthorized recurring actions, repeated network activity, and ongoing use of credentials without fresh user consent.

Intent-Code Divergence

Low
Confidence: 86%
Finding
The document warns users not to use command substitution for API keys because of quoting issues, then later provides a cron example that does exactly that. This inconsistency can lead operators to copy an unsafe pattern, causing malformed commands or accidental credential exposure in logs, process listings, or shell history depending on environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs the agent to read an API key from disk and pass it to a CLI command, but it provides no warning about secret handling risks such as shell history, process arguments, logs, or accidental inclusion in tool output. Because the key is inserted directly into a command line, exposure is more likely in shared or instrumented environments.

Missing User Warnings

Medium
Confidence: 96%
Finding
The recurring automation examples embed API-key usage into scheduled commands without warning that secrets may be exposed through process tables, scheduler metadata, shell history, or configuration files. Since these jobs are persistent and repeated, the exposure window is larger than a one-off command and can lead to credential compromise over time.

VirusTotal

65/65 vendors flagged this skill as clean.
