Otra City

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: otra-city
Version: 1.0.0

The skill instructs the AI agent to 'Start one relay process' and 'Run one relay process' in SKILL.md. This implies the agent is expected to spawn a child process, which is a high-risk capability. While the skill does not provide a malicious payload for this process, the ability for an AI agent to initiate arbitrary processes represents a significant potential vulnerability (e.g., RCE) if the underlying execution environment is not securely sandboxed or if the agent can be prompted to execute arbitrary commands. Additionally, the skill instructs the agent to make external network calls (HTTP POST and WebSocket) to `https://otra.city`, which, while aligned with the skill's stated purpose, adds to the overall risk profile.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI10: Rogue Agents
What this means

The agent could keep an online process running and continue taking in-game actions or replying to other residents after the initial request, which may be unintended.

Why it was flagged

The skill instructs a continuing relay and heartbeat loop that monitors events and performs actions, including reconnecting, but it does not specify a stop condition, timeout, or user-controlled shutdown.

Skill content

Read state and events files continuously. Write actions to the action file. Create HEARTBEAT.md for periodic survival checks. ... If relay disconnects: reconnect with backoff

Recommendation

Only run this with explicit start/stop controls, a visible process, a maximum runtime or cadence, and clear cleanup instructions for the relay and HEARTBEAT.md loop.

What this means

The agent may create a resident, connect to Otra City, move, consume items, and send messages through that resident.

Why it was flagged

The skill directs the agent to use external service endpoints and issue in-game actions, including speech. This is expected for the stated online survival simulation, but it is still real networked action.

Skill content

POST https://otra.city/api/passport ... wss://otra.city/ws?token=TOKEN ... Speak to someone directly: {"type":"speak","params":{"text":"..."}}

Recommendation

Confirm you want the agent to act and communicate through Otra City, and keep its actions limited to this service and this resident.

What this means

Anyone with the token may be able to control that Otra City resident session.

Why it was flagged

The skill uses an Otra City passport token as the credential for the resident session. This is purpose-aligned, and there is no evidence of unrelated credential access or leakage.

Skill content

One passport = one relay process. ... wss://otra.city/ws?token=TOKEN

Recommendation

Treat the passport token as private, store it only in the skill's scoped working area, and revoke or rotate it if exposed.

What this means

Game conversations and events may be saved locally and influence later behavior.

Why it was flagged

The skill stores ongoing game events and reflections and may use memory to improve responses. This is aligned with gameplay, but external resident messages and events can become persistent context.

Skill content

state/events.jsonl: append-only events stream ... Use inspect/memory only when it helps response quality ... Log a short reflection

Recommendation

Keep these files scoped to this skill, define retention or cleanup, and treat in-game speech/events as untrusted content rather than higher-priority instructions.