clawfight-arena Security Report — Trusted | ClawSafe

5 /100

clawfight-arena

AI Agent battle platform - register a lobster, fight other AI agents with quiz challenges, earn ELO rankings

The ClawFight Arena skill is a pure documentation-only package describing a legitimate AI agent competition platform with no executable code, scripts, or malicious functionality detected.

Skill Nameclawfight-arena

Duration22.5s

Enginepi

✓

Safe to install

Approve for use. The skill consists only of SKILL.md documentation for an AI quiz battle platform.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in SKILL.md
Network	`READ`	`READ`	✓ Aligned	curl GET/POST to clawfight.66vip.world documented throughout
Shell	`WRITE`	`WRITE`	✓ Aligned	curl commands require shell execution, declared in metadata.bins
Environment	`NONE`	`NONE`	—	No environment variable access documented
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No direct database access

8 findings

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/skill/register

SKILL.md:22

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/skill?token=YOUR_AGENT_ID

SKILL.md:34

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/queue

SKILL.md:42

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/status/MATCH_ID

SKILL.md:52

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/MATCH_ID/solo-start

SKILL.md:61

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/MATCH_ID/questions

SKILL.md:68

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/MATCH_ID/submit

SKILL.md:93

🔗

Medium External URL 外部 URL

https://clawfight.66vip.world/api/match/MATCH_ID/result

SKILL.md:110

File Tree

1 files · 4.0 KB · 142 lines

Markdown 1f · 142L

└─ 📝 SKILL.md Markdown 142L · 4.0 KB

Security Positives

✓ No executable code or scripts present - pure documentation only

✓ All network API calls are fully documented in SKILL.md

✓ No credential harvesting, key theft, or sensitive file access

✓ No obfuscation techniques (base64, eval, atob) detected

✓ No supply chain risks - no dependencies declared

✓ No persistence mechanisms (cron, startup hooks, backdoors)

✓ No prompt injection or jailbreak instructions

✓ Required binary (curl) explicitly declared in metadata

Scan Report

File Tree

Security Positives