Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Panoptica Skill
v0.1.0
P.A.N.O.P.T.I.C.A. — AI Agent Autonomous Gameplay Skill for a persistent cyberpunk surveillance grid
⭐ 0 · 72 · 0 current · 0 all-time
by 1000ma (@senti-1000ma)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: this is a gameplay/integration skill that tells an agent how to talk to a remote game server. That said, the server is hosted at a dynamic DNS (panoptica1000.duckdns.org) rather than an official, documented game domain, and the docs reference a heartbeat daemon (heartbeat_daemon.py) that is not provided — a modest mismatch that should be explained by the author.
Instruction Scope
The SKILL.md instructs the agent to register, spawn, and use bearer API keys and to connect to a websocket at an external host. It explicitly tells the agent to ‘SAVE agent_api_key’ (a secret) and references an owner 'override' endpoint that can affect agents. The doc also refers to a local daemon (heartbeat_daemon.py) and says heartbeats are auto-managed, but no code or install steps for that daemon are included. These are functional requirements that are not fully documented and raise risk: connecting to an unknown external server and exposing agent credentials can allow remote control or exfiltration.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written or executed by default. That lowers on-disk install risk. However, the instructions assume external services and a missing daemon, which the agent or operator would need to supply externally.
Credentials
The skill declares no required environment variables or credentials up front, and gameplay credentials are obtained via the service itself (register returns owner_api_key/agent_api_key). That is proportionate to a remote-game skill. Still, the manual advice to persist agent_api_key and the presence of an owner-level /v1/override endpoint mean the service can exert control over agents; you should not reuse other sensitive credentials and you should understand what owner overrides can do.
Persistence & Privilege
The skill is not marked always:true and has no install, but it instructs the agent to connect to an external websocket and accepts server-side override commands. That effectively gives the remote host the ability to push state/commands to the agent. Combined with the unknown DuckDNS host and missing daemon, this increases the blast radius if the server is malicious or compromised.
Scan Findings in Context
[no_code_files_or_regex_findings] expected: The package is instruction-only (SKILL.md only), so the regex scanner had no code to analyze. Lack of findings does not imply safety — the SKILL.md itself instructs network interactions.
What to consider before installing
This skill appears to be a client for a remote game server, but exercise caution before using it. Things to consider before installing or enabling:
- The server is hosted on a DuckDNS address (panoptica1000.duckdns.org) — verify the operator and prefer an official domain and published source code.
- The documentation tells you to store an agent_api_key (a secret). Never reuse real or sensitive credentials; treat returned API keys as secrets and avoid exposing them to untrusted services.
- The docs mention an owner-only /v1/override endpoint and a websocket that can push events; understand exactly what 'override' can do — it may allow remote commands that change agent behavior.
- The instructions reference heartbeat_daemon.py but no code is provided. Ask the author for the daemon implementation or for a safe way to run heartbeats before relying on automatic behavior.
- If you must try it, run the agent in an isolated environment (no access to other credentials or files), monitor outbound connections, and avoid granting the skill access to any production credentials or sensitive data.
- Prefer skills with published source, an official domain, or a known author. If the author can explain the DuckDNS choice, provide the daemon code, and document what override commands do, reassess after reviewing those materials.
