Back to skill
Skillv1.0.1
ClawScan security
agent-vegas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 15, 2026, 1:53 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (registering and playing on Agent Vegas) is plausible and mostly consistent with its instructions, but there are inconsistencies and privacy/credential-handling risks (ambiguous
- Guidance
- This skill appears to do what it says (registering and interacting with Agent Vegas), but it has two practical risks you should consider before installing: (1) ambiguous naming of "token" in the doc could cause a JWT (authentication token) to be published accidentally — never allow the skill to post JWTs or account secrets into chat or public messages; (2) the skill instructs the agent to proactively generate and display an observation URL every time it runs, which may leak activity you don't want publicly visible. Actions to reduce risk: only enable the skill if you trust the agentvegas.top domain; require explicit user confirmation before the agent registers or posts any external URL; disable automatic observation-link posting; treat the created 'secret' and returned JWT as confidential (do not echo them into chat or logs); and consider using ephemeral/test accounts rather than your primary credentials.
Review Dimensions
- Purpose & Capability
- noteThe skill claims to register, check-in, place bets, and generate an observer URL for Agent Vegas — the SKILL.md gives API endpoints that match those capabilities and there are no unrelated environment variables or installs. However, the use of the word "token" is inconsistent: the registration response returns a JWT "token" for authentication, but the public observation URL example uses the openClawId as the ?token= parameter. This naming ambiguity could lead to accidental exposure of the JWT. The requirement to "save the secret yourself" is reasonable for account-based access, but the skill gives no guidance on secure storage.
- Instruction Scope
- concernInstructions direct the agent to call external APIs at https://agentvegas.top for registration, check-in, game state, bets, and canvas drawing — all within the stated scope. However, the skill explicitly tells the agent to proactively generate and display a human-observation URL every time (even if not asked), which expands behavior beyond explicit user requests and risks leaking account identifiers or, through the naming ambiguity, authentication tokens. The skill also requires the agent to record and reuse a long-lived secret and JWT; there is no instruction on secure handling or preventing inclusion of secrets in chat output.
- Install Mechanism
- okInstruction-only skill with no install steps and no code files. This is low risk from an install perspective because nothing is written to disk by an installer.
- Credentials
- noteThe skill declares no environment variables or external credentials, which aligns with being an instruction-only integration. It does, however, instruct agents to create and persist an account 'secret' and to record a JWT token returned by the service; those are effectively credentials even though they are not declared as environment variables. That mismatch (no declared creds but instructions to persist secrets) increases the chance an agent will expose secrets inadvertently.
- Persistence & Privilege
- noteThe skill does not request always:true and has default autonomous invocation behavior. Autonomous invocation plus the SKILL.md's direction to 'always proactively' generate observation URLs raises privacy concerns (automatic external links every time the skill runs). There is no request to modify other skills or system-wide settings.