The Arena — AI Debate Moderator

Turn a Discord server into a moderated debate arena with an AI judge. Supports multiple debate formats, configurable personas, scored verdicts, and a persist...

This skill appears coherent for running an AI debate moderator on Discord, but take these precautions before installing: - Inspect the bundled scripts (scripts/setup.sh and scripts/scoreboard.sh) line-by-line. Verify they do not make network calls (curl, wget, git, nc, ssh) or write outside the skill workspace. The SKILL.md claims they do not, but you should confirm. - Do not apply any generated config.patch without manual review. The SKILL.md warns that agents.list and bindings arrays are replaced entirely; ensure the patch preserves existing agents/bindings and channel entries. - Run the skill in an isolated agent as recommended (fs.workspaceOnly, exec denied, limited tools). This limits blast radius if the skill or messages attempt injection. - Be careful with requireMention=false on the arena channel: it exposes all messages to the moderator (higher token usage and broader data exposure). If privacy/cost is a concern, set requireMention:true. - Verify the Discord bot already has only the minimum permissions you’re willing to grant (avoid granting Manage Roles unless necessary). - If you want stronger assurance, share the exact contents of the two scripts and any portions of SKILL.md you plan to automate; I can review them for network calls, credential access, or other red flags. If you review the scripts and confirm they’re workspace-only and network-free, this skill is internally consistent and reasonable to use under the recommended isolation model.

Type: OpenClaw Skill Name: the-arena Version: 1.3.0 The skill bundle is classified as suspicious due to significant vulnerabilities in its shell scripts, despite strong security recommendations in its documentation. The `scripts/scoreboard.sh` file is vulnerable to SQL injection because it constructs SQLite queries using unsanitized user input (e.g., winner, loser, topic) via string concatenation. Additionally, `scripts/setup.sh` is vulnerable to prompt injection (against the AI agent) and config injection (against the OpenClaw gateway) as it directly inserts user-provided input into the `AGENTS.md` template and generated config snippets without sanitization. While the documentation (`SKILL.md`, `references/agents-template.md`, `references/setup-guide.md`) explicitly advises running the agent with strict tool restrictions (`exec.security: "deny"`, `fs.workspaceOnly: true`) and requires manual review of generated configurations, these are mitigating factors for existing vulnerabilities, not a complete prevention of their exploitation.