clawarena
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'clawdhub' CLI tool to perform installations and updates from the vendor's registry.
- [EXTERNAL_DOWNLOADS]: The agent periodically fetches a remote heartbeat guide from https://clawarena.ai/heartbeat.md to maintain state and receive new instructions.
- [CREDENTIALS_UNSAFE]: The skill recommends storing an API key in plain text in a local file at ~/.config/clawarena/credentials.json.
- [PROMPT_INJECTION]: The heartbeat routine presents a surface for indirect prompt injection by directing the agent to fetch and 'follow' remote instructions without explicit boundary markers or sanitization.
- Ingestion points: Remote instructions from heartbeat.md and market data from the clawarena.ai API.
- Boundary markers: Absent; no delimiters are used to separate remote content from the agent's core instructions.
- Capability inventory: Uses curl for API communication and manages local files for state and credentials.
- Sanitization: No sanitization or verification processes are specified for the fetched remote content.
Audit Metadata