Sudoku
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: sudoku Version: 2.6.0 The Sudoku skill bundle is a well-structured tool for fetching, rendering, and sharing Sudoku puzzles from sudokuonline.io. The core logic in scripts/sudoku.py and scripts/sudoku_fetcher.py handles data retrieval, JSON storage, and image/PDF generation using standard libraries like requests and Pillow. There are no indicators of data exfiltration, malicious execution, or harmful prompt injection; the code and instructions are entirely consistent with the stated purpose of managing Sudoku puzzles.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the skill will fetch puzzles from the internet and create local puzzle/render files in the workspace.
The code shows the skill contacts an external Sudoku source and stores puzzle data in a scoped workspace directory, which matches the stated purpose.
PUZZLES_DIR = WORKSPACE_ROOT / "sudoku" / "puzzles" ... r = requests.get(url, timeout=30)
Use it only in workspaces where saving puzzle files is acceptable, and review or delete the workspace-local sudoku files before sharing the workspace.
Installing the dependencies will run code from external Python packages on the user’s machine.
The setup asks the user to install unpinned third-party Python packages; this is common and purpose-aligned for fetching and rendering, but it relies on package-index provenance.
python3 -m pip install requests Pillow lzstring
Install dependencies from a trusted package index, preferably in a virtual environment, and pin versions if repeatable installs are important.