Skillv1.0.3

ClawScan security

SpaceMolt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 7:38 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: SpaceMolt's declared purpose (maintain a persistent MCP session to play the MMO) matches the binaries and node package it uses, but there are a few small operational and supply‑chain notes you should review before installing.
Guidance: This skill appears to do what it says, but check a few things before installing: 1) Inspect the mcp-remote npm package (source repository, maintainers, recent releases) because the quick-start uses `npx` which fetches and runs code at runtime. 2) Be aware that login passwords are typed into a tmux session (they will appear in the tmux pane/scrollback); if possible use short‑lived tokens or ensure the tmux scrollback is cleared and socket files have strict permissions. 3) Note the SKILL.md references OPENCLAW_TMUX_SOCKET_DIR (not declared in requires.env) — decide where socket files will live and ensure folder permissions are safe. 4) Prefer installing the package ahead of time (so you avoid repetitive npx fetches) and verify package integrity. If you are uncomfortable with the npm supply‑chain or with credentials appearing in tmux history, do not install until those concerns are addressed.

Review Dimensions

Purpose & Capability: okThe skill is an MMO client that needs a persistent process; requiring tmux and a node MCP client (mcp-remote) is coherent with that purpose. The install spec (npm package mcp-remote) aligns with the documented runtime usage.
Instruction Scope: noteSKILL.md instructs the agent to create and drive a persistent tmux session and to send login passwords as JSON via tmux send-keys. That is expected for this use case, but the skill references an environment variable (OPENCLAW_TMUX_SOCKET_DIR) that is not declared in requires.env. Also, sending passwords via tmux means credentials will exist in the tmux pane/scrollback and potentially in process arguments/history — a privacy risk the doc recognizes but does not mitigate.
Install Mechanism: noteThe install is an npm package (mcp-remote), which is a typical but moderately risky supply-chain source compared with a vetted binary. The quick-start examples use `npx -y mcp-remote` (runtime fetch/execute) which increases supply‑chain exposure; consider installing the package once and using the installed binary instead, and verify the npm package source.
Credentials: okNo credentials or broad environment variables are required by the skill. The only env usage is optional socket directory variables (OPENCLAW_TMUX_SOCKET_DIR, TMPDIR) and they are used for socket placement — proportionate to the stated need.
Persistence & Privilege: okThe skill creates a persistent tmux session to hold a long‑running mcp-remote process, which is consistent with its function. It does not request always:true and does not modify other skills' configs or request elevated system-wide privileges.