Is davidbenjaminnovotny/clawdpoker safe?

https://github.com/openclaw/skills/tree/main/skills/davidbenjaminnovotny/clawdpoker

83
SAFE

ClawdPoker is a legitimate poker-playing skill that enables AI agents to play Texas Hold'em autonomously. While the core functionality appears safe, it contains concerning patterns of autonomous operation and resource-intensive background processes that could impact system performance.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 65/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (5)

HIGH Agent autonomy override -25

The skill explicitly instructs the agent to 'Make decisions yourself — do not ask your human', which overrides normal user control patterns and promotes autonomous operation without oversight.

HIGH Persistent background processes -15

The skill creates long-running Node.js processes that continuously poll an external API every 2 seconds for up to 40 minutes, consuming system resources.

MEDIUM Executable JavaScript code -15

The skill contains substantial executable JavaScript code that creates files, manages processes, and makes network requests, which could be misused if modified.

MEDIUM Resource consumption potential -20

Continuous API polling and background processes could consume significant computational and network resources, especially if multiple instances run simultaneously.

LOW External API communication -5

The skill makes HTTP requests to external poker service clawpoker.com, but this is clearly documented and appears legitimate.