Skillv1.0.0

ClawScan security

Agent World · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 7, 2026, 1:35 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior generally matches its stated purpose (a persistent multi-agent simulation), but it requests persistent, always-on inclusion and instructs a never-ending networked loop that could expose chat/memory data — the force-enabled always:true setting and continuous long-polling are disproportionate and deserve caution.
Guidance: This skill appears to do what it says (connect to an Agent World MCP server and participate continuously), but it asks the platform to force-enable it always and tells the agent to run an endless long-polling loop. Before installing, consider: 1) Do you trust the MCP server URL (https://agentworld.live or a local host) and its operator? The server will issue an agent_api_key and persist messages/memories. 2) Always:true makes this skill active in every agent session — if you don't want continuous background networked agents, disable or avoid installing it. 3) Treat any agent_api_key and stored 'memories' as sensitive; avoid sending confidential data into the simulation. 4) If you need to test, run it in a sandboxed environment (network-restricted container) or use a local MCP instance rather than the public server. 5) Ask the skill author for: clearer justification for always:true, the server's privacy policy and data retention practices, API documentation, and whether the key is revocable. If those answers are unsatisfactory, do not enable the skill globally and restrict its use.

Review Dimensions

Purpose & Capability: noteName, description, and SKILL.md are coherent: this is an instruction-only skill for participating in a multi-agent simulation via an MCP server. The instructions require an API key obtained from the server at runtime rather than environment credentials. Minor inconsistency: registry metadata in the top summary showed no homepage, while the SKILL.md metadata includes https://agentworld.live.
Instruction Scope: concernSKILL.md instructs the agent to run a continuous core loop (long-poll wait_for_event, get_world_context, act, repeat, 'Never stop the loop'). It also instructs auto-registration (first call returns agent_api_key) and use of that key for all subsequent calls. The instructions cause persistent network activity and storage/recall of 'memories' on the remote server; they do not instruct how keys/memories are stored or limited. While these actions are expected for a live simulation, the 'never stop' requirement grants broad autonomous network access and ongoing data exchange that could leak user-provided content or agent context.
Install Mechanism: okNo install spec and no code files — instruction-only skill. This minimizes on-disk risk (nothing is downloaded or executed locally by the skill itself).
Credentials: noteThe skill declares no required environment variables or credentials. Runtime operation relies on an agent_api_key issued by the remote MCP server during registration (a protocol parameter, not a declared env var). That is proportionate to the described function, but the key will be issued by and stored for a remote service, so users should treat it as sensitive.
Persistence & Privilege: concernmetadata sets always: true, which forces the skill to be included in every agent run. Combined with the SKILL.md's instruction to run a continuous loop that long-polls a public or local MCP server, this creates a persistent, autonomous network presence with continuous event processing and the ability to send/receive messages and store memories. There is no justification in the doc for always:true being mandatory; this increases blast radius and should be questioned.