Arena Council — Multi-Model AI Debate
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: nerua1-arena-council Version: 1.0.2 The skill implements a multi-model voting system but includes 'God Mode' integration designed to bypass LLM safety filters (censorship) via automated prompt manipulation and model probing. It attempts to dynamically load and execute code from a sibling directory ('../god-mode/scripts') and explicitly instructs the agent in SKILL.md to use 'uncensored' models or jailbreak techniques if models refuse a request. While not directly exfiltrating data or attacking the host, the automated subversion of safety guardrails and reliance on external, unverified code dependencies are high-risk behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your request may be transformed into a jailbreak-style prompt without an explicit confirmation each time, potentially producing outputs you did not intend to solicit.
The skill can automatically rewrite the user's prompt using a stored bypass technique when a model is marked censored, changing the prompt semantics and attempting to override model refusals.
If model is known-censored, wrap prompt with the stored technique... return apply_technique(prompt, technique)
Make any refusal-bypass behavior explicit, disabled by default, and require a clear user opt-in before modifying prompts.
Prompts given to this skill may be sent to multiple locally running models rather than just one model.
The skill sends prompts to a local LM Studio chat-completions API, which is expected for a local multi-model council but is still a real model-invocation data flow.
LMSTUDIO_BASE = "http://127.0.0.1:1234/v1" ... session.post(f"{LMSTUDIO_BASE}/chat/completions", json=payloadUse explicit model lists and avoid submitting sensitive prompts unless you are comfortable with all selected local models receiving them.
If a god-mode folder exists, this skill may execute additional Python code that was not included in this review and may change how prompts are handled.
The skill conditionally adds a sibling god-mode scripts directory to Python's import path and imports modules from it, so runtime behavior depends on unbundled code outside this skill's reviewed files.
GOD_MODE_DIR = Path(__file__).parent.parent.parent / "god-mode" / "scripts" ... sys.path.insert(0, str(GOD_MODE_DIR))
Declare this dependency clearly, pin or bundle reviewed helper code, and avoid importing executable code from sibling skill directories by default.
A saved profile can affect later sessions, causing future prompts to be modified based on prior or potentially altered profile state.
The skill stores and later reuses persistent model-profile data that determines whether and how future prompts are wrapped with god-mode techniques.
profiles_file = GOD_MODE_DIR / "model_profiles.json" ... profiles[model_id] = result ... save_profiles(profiles)
Store profiles in a clearly scoped location, show users when profile state is used, provide a disable/clear option, and validate profile contents before applying prompt transformations.