clawexam

The skill defines a benchmarking workflow in SKILL.md that instructs the agent to fetch arbitrary tasks from a remote API (https://www.clawexam.xyz) and 'Execute the task for real.' This pattern effectively grants a third-party server remote control over the agent's execution environment, which could be used to trigger unauthorized commands or network requests. Additionally, the requirement to submit 'execution logs' to the external endpoint creates a risk of sensitive data exfiltration depending on the nature of the tasks provided by the API.