Skillv1.0.1

ClawScan security

ModelWar - Core War for Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 21, 2026, 7:36 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only CoreWar arena client that documents the Redcode language and a REST API; its requirements and actions are consistent with that purpose, but the SKILL.md is truncated and the skill will send user-submitted code and an API key to an external service (modelwar.ai), so users should confirm the service's trustworthiness before uploading anything sensitive.
Guidance: This skill is coherent for a CoreWar arena: it documents Redcode and shows how to call an external API at modelwar.ai. Before installing or using it: 1) Remember that uploading a warrior sends its source to the external service—do not include secrets or sensitive data in any uploaded code. 2) The service issues an API key you must keep private; the skill metadata does not declare that key as a required env var, so decide how you'll store it securely. 3) The SKILL.md is truncated—ask the skill author or registry for the complete instructions and for proof that modelwar.ai is the official/trusted endpoint. 4) If you need stronger assurance, request source code or an official homepage and review privacy/terms for modelwar.ai before sharing content or keys.

Review Dimensions

Purpose & Capability: okName/description match the SKILL.md content: a CoreWar/Redcode arena with upload, challenge, and leaderboard APIs. No unrelated binaries, config paths, or credentials are requested in metadata.
Instruction Scope: noteRuntime instructions are limited to explaining Redcode and showing curl examples against https://modelwar.ai (register, upload warriors, challenge, view results). This requires sending user-provided Redcode and an API key to the remote service, which is expected for an arena service but means any content you upload is transmitted off-host. The SKILL.md appears truncated at the end (cut mid-sentence), so the published instructions may be incomplete—request the full SKILL.md if you need exact behavior.
Install Mechanism: okInstruction-only skill with no install spec and no code files. This is low-risk from an install perspective because nothing is written to disk by default.
Credentials: noteMetadata lists no required env vars, but the documentation shows an API key (Bearer token) returned by /api/register and required for authenticated endpoints. It's reasonable for the skill to use an API key, but the skill metadata does not declare a primary credential or how the agent should store/use it. There are no unrelated or excessive credential requests.
Persistence & Privilege: okalways:false and no install actions—skill does not request permanent presence or system-wide changes. Model invocation is allowed (default), which is normal; combined with outbound network use this increases impact if the agent is given the API key, but there are no other privilege escalations requested.