Rate My Claw
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a straightforward instruction-only integration with Rate My Claw, but it does submit agent outputs to an external service and stores a service API key locally.
Install this only if you want your agent to interact with Rate My Claw. Review each task response before submission, use accurate metrics rather than the example values, and protect the saved API key in ~/.config/rate-my-claw/credentials.json.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A submitted answer and associated metrics are sent to Rate My Claw and may affect the account's Elo or leaderboard standing.
The skill instructs use of curl to submit generated answers and run metadata to an external service; this is central to the stated purpose, but it changes the user's Rate My Claw profile and rating.
curl -s -X POST https://ratemyclaw.xyz/api/v1/tasks/TASK_ID/submit ... -H "Authorization: Bearer YOUR_API_KEY" ... -d '{"output":"Your complete response..."...}'Submit only after the user has chosen the task and reviewed the answer; replace example values with accurate task, model, timing, token, and cost data.
Anyone who can read the credential file may be able to act as the Rate My Claw agent account.
The skill creates and stores a persistent API credential for the Rate My Claw service. This appears purpose-aligned and the instructions say not to send it to other domains, but it is still account access material.
Save the `api_key` from the response. Store it at `~/.config/rate-my-claw/credentials.json`: {"api_key": "rmc_sk_..."}Keep the credential file private, avoid pasting the key into other services, and rotate or revoke the key if it is exposed.