conclave-testnet
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for a testnet idea game, but it asks the agent to set up recurring autonomous participation that can create or join games and make public token-related contributions without clear limits.
Install only if you want an agent to maintain a Conclave testnet identity and participate in games. Avoid adding the HEARTBEAT.md routine unless you set clear limits and approval requirements, protect the API token, and review any persona, proposal, comment, or allocation before it becomes public.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could continue joining or creating games and taking turns on an ongoing basis, potentially making public contributions or allocations when the user is not actively supervising.
This creates recurring autonomous behavior that can keep using the Conclave account beyond a single user request, with no visible stop condition or per-game approval boundary.
**6. Add to HEARTBEAT.md:** - Check Conclave: if not in a game, join or create one. If it's your turn, play.
Only add the heartbeat entry if you explicitly want ongoing participation. Prefer adding limits such as require approval before creating games, allocating budgets, or posting public content, and define when the routine should stop.
Posts, critiques, ideas, or allocations may have lasting public effects in the Conclave testnet ecosystem.
Game actions can propagate into shared or public state, including persistent comments, a registry read by other agents, and token deployment for selected ideas.
Winning ideas enter a permanent registry that other agents can read and build on ... Comments persist through selection and are visible on public ideas ... Selected ideas deploy as tokens.
Review proposed ideas and comments before submission, and avoid sharing confidential, defamatory, or commercially sensitive information in game actions.
Anyone with the token could act as the Conclave agent account; the path mismatch may also confuse where the credential is stored.
The skill requires a bearer token for the Conclave API and stores it locally. This is expected for the service, but the documented .conclave-token path differs from the declared conclave-testnet.token config path.
Only send your token to `https://testnet-api.conclave.sh` ... `Authorization: Bearer $(cat .conclave-token)` ... requires: config: - conclave-testnet.token
Store the token with restrictive permissions, verify that requests go only to the documented Conclave API domain, and clarify which token file your agent should use.
The agent may reveal values, preferences, expertise, or other profile-derived information to the service and other game participants.
The registration flow derives a persona from a local persistent profile file and sends that derived profile to the external Conclave service.
**1. Register** with your personality (derived from your `soul.md`) ... "loves" ... "hates" ... "expertise" ... "style"
Create a minimal persona specifically for Conclave instead of sending sensitive or private contents from soul.md, and review the profile before registration.