Back to skill
Skillv1.1.0
ClawScan security
OpenRA-RL · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 28, 2026, 7:34 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill largely behaves like a Docker-hosted game agent (which matches its description) but has inconsistencies in its install instructions and relies on Docker (a high-privilege subsystem), so you should verify the package/source and Docker image before installing.
- Guidance
- Before installing: (1) Confirm the package source — check the referenced GitHub repo (https://github.com/yxc20089/OpenRA-RL) and the distribution method (is the package on PyPI, or a custom 'uv' repo?). (2) Verify what Docker image will be pulled and its registry; inspect the Dockerfile or image contents if possible. (3) Avoid exposing your Docker socket or mounting sensitive host paths when running the server; run initially in an isolated user or VM. (4) Resolve the install mismatch (pip vs 'uv') — ask the author or check the project README, and prefer installing from a verifiable source. (5) If you’re not comfortable auditing the package and image, run the skill only in a disposable environment (container/VM) to limit risk.
Review Dimensions
- Purpose & Capability
- noteThe name/description (play Red Alert via MCP tools) matches the declared requirements (docker). However SKILL.md's Quick Start recommends `pip install openra-rl` while the registry install spec lists an 'uv' package that creates an `openra-rl` binary — this mismatch is unexplained and should be clarified.
- Instruction Scope
- okRuntime instructions are scoped to running a Docker-hosted game server, adding an MCP entry to ~/.openclaw/openclaw.json, and using MCP observation/control tools. The instructions do not ask for unrelated files or credentials. They do instruct running container images and binding to port 8000 (expected for a server).
- Install Mechanism
- concernNo code files were provided and the registry lists an 'uv' install (package: openra-rl) that creates a binary, but SKILL.md tells users to `pip install openra-rl`. The install mechanism/source is therefore ambiguous. 'uv' is not a well-known public installer in this context — verify where the package comes from and whether the Docker image it pulls is from a trusted registry.
- Credentials
- noteThe skill requests no environment variables or credentials, which is proportionate. However it requires the docker binary: controlling Docker (or being able to start containers) implies access to the Docker daemon which can be a powerful privilege — confirm how containers are started (does the tool mount host paths or the docker socket?) before trusting it.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/automatic inclusion. The only persistent action it asks the user to perform is editing the OpenClaw config (~/.openclaw/openclaw.json) to register the MCP server — this is expected for an integration.