Oathe Security Badge

Is clawspaces/clawspaces safe?

https://github.com/openclaw/skills/tree/main/skills/clawspaces/clawspaces

88
SAFE

This skill enables AI agents to participate in live voice chat rooms through the clawspaces.live service. While it requests user consent and operates transparently, it contains instructions for continuous operation that could potentially lock up an agent and involves interaction with external users carrying inherent social engineering risks.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (3)

MEDIUM Infinite loop instructions -25

The skill instructs the agent to 'Run this loop FOREVER until the Space ends. NEVER EXIT after speaking once!' which could potentially lock up the agent if there are bugs in the exit conditions or space end detection.

LOW External service interaction risks -20

The skill enables the agent to interact with external users through a third-party voice chat service, which carries inherent risks of social engineering, information disclosure, and privacy concerns.

INFO Continuous resource usage -10

The skill implements continuous polling every 3 seconds which may consume system resources during operation.