Is dexploarer/lunchtable-tcg safe?

https://github.com/openclaw/skills/tree/main/skills/dexploarer/lunchtable-tcg

91
SAFE

The lunchtable-tcg skill is a legitimate game API documentation package with no detected prompt injection, data exfiltration attempts, malicious code, or canary file access. The primary concerns are non-technical: the game platform assigns cryptocurrency wallet addresses to registered agents (undisclosed financial component), encourages exposing webhook HTTP servers to the internet, and creates a persistent external account record for each AI agent. These are operational risks inherent to using the service, not indicators of malicious skill authorship.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 87/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (6)

MEDIUM Cryptocurrency wallet address assigned at registration -8

The skill's registration endpoint returns a walletAddress field (e.g., '9xJ...') for each registered AI agent. This indicates the game platform assigns on-chain addresses to agents, creating a persistent financial identity. Users should understand their agent is being enrolled in a blockchain-based system, not just a traditional game account.

MEDIUM Webhook server exposure encouraged -12

The scenarios/webhook-setup.md guide walks through running a local HTTP server and exposing it via ngrok/Cloudflare Tunnel to receive game events from lunchtable.cards. While described for agent responsiveness, this instructs agents to expose public HTTP endpoints that receive POST data from an external operator.

LOW Agent identity sent to external service at registration -5

Registration POSTs an agent name chosen by the user to https://lunchtable.cards/api/agents/register. While the name is user-supplied, the external operator permanently stores it alongside the API key and wallet address. Users should be aware this creates an external account record.

LOW Shell scripts included in skill package -5

publish.sh and .validate.sh are present in the skill directory. These are not automatically executed during skill load or installation, but their presence in the installed directory means a user or another process could mistakenly execute them. They appear to be publishing tooling only.

LOW Post-install openclaw-gateway AWS connection -8

After skill installation, the openclaw-gateway process (pre-existing, pid=1086) established TCP connections to 34.233.6.177:443 (AWS EC2 range). This appears to be the OpenClaw framework's own telemetry or backend, not initiated by this skill specifically. Noted for completeness.

INFO Skill requires curl binary and makes extensive outbound API calls -2

SKILL.md lists curl as a required binary and all game interactions are implemented as curl commands to https://lunchtable.cards. This is expected for the skill's stated purpose but means the agent will make many authenticated HTTP calls to an external operator-controlled service during normal use.