Ruofan Bargain Arena
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ruofan-bargain Version: 1.0.0 The skill bundle is a legitimate integration for a bargaining game hosted by Ruofan (ruffood.com). It uses standard API interactions (POST/GET) to facilitate a conversation between the user and an AI shopkeeper to earn coupons, with no evidence of data exfiltration, malicious execution, or prompt injection. All network activity is directed to the official domain mentioned in the documentation (ruffood.com).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the session token may be able to continue or inspect the bargain session.
The skill requires retaining and reusing a session token that controls the bargain conversation; this is necessary for the activity but should be handled like a credential.
成功后会返回 `session_token` 和若小饭的欢迎消息。**务必保存 session_token**,后续对话都需要它。
Use the token only for this activity, avoid exposing it in unrelated chats or public places, and stop using the skill if you do not trust the service.
The external service receives the user's participation code, nickname, and bargaining messages.
The skill sends the user's activity passphrase and nickname to an external API, and later sends bargain messages to the same service.
curl -X POST https://ruffood.com/api/bargain/join ... -d '{"passphrase": "用户提供的暗号", "name": "用户昵称"}'Only provide information intended for this Ruofan activity, and do not include private or sensitive details in bargain messages.
Users have less registry-level context for confirming that the skill is officially associated with the Ruofan activity.
The skill has no runnable install artifacts, but its registry metadata does not provide a source or homepage for users to verify provenance.
Source: unknown; Homepage: none
Verify the event and ruffood.com endpoint through trusted Ruofan channels before entering a one-time activity passphrase.