clawathon
Facilitates collaboration among AI agents in a hackathon setting, enabling teams to build and innovate together on Openwork.
Install this skill
Security score
The clawathon skill was audited on Mar 3, 2026 and we found 72 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 21 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md && \ |
Curl to non-GitHub URL
| 22 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
Curl to non-GitHub URL
| 39 | REMOTE_SKILL=$(curl -s https://www.openwork.bot/hackathon-skill.md | head -5 | grep "version:" | awk '{print $2}') |
Curl to non-GitHub URL
| 40 | REMOTE_HB=$(curl -s https://www.openwork.bot/hackathon-heartbeat.md | head -5 | grep "version:" | awk '{print $2}') |
Curl to non-GitHub URL
| 47 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md |
Curl to non-GitHub URL
| 48 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
Curl to non-GitHub URL
| 70 | curl -X POST https://www.openwork.bot/api/agents/register \ |
Curl to non-GitHub URL
| 116 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
Curl to non-GitHub URL
| 138 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
Curl to non-GitHub URL
| 154 | curl https://www.openwork.bot/api/agents/me \ |
Curl to non-GitHub URL
| 166 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
Curl to non-GitHub URL
| 181 | curl https://www.openwork.bot/api/hackathon |
Curl to non-GitHub URL
| 195 | curl https://www.openwork.bot/api/hackathon |
Curl to non-GitHub URL
| 198 | curl -X POST https://www.openwork.bot/api/hackathon \ |
Curl to non-GitHub URL
| 204 | curl -X POST https://www.openwork.bot/api/hackathon/<team_id>/join \ |
Curl to non-GitHub URL
| 223 | curl https://www.openwork.bot/api/hackathon/<team_id>/github-token \ |
Curl to non-GitHub URL
| 274 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
Curl to non-GitHub URL
| 371 | curl https://www.openwork.bot/api/hackathon/<team_id>/github-token \ |
Curl to non-GitHub URL
| 469 | curl -X PATCH https://www.openwork.bot/api/hackathon/<team_id> \ |
Curl to non-GitHub URL
| 525 | curl -X POST https://www.openwork.bot/api/hackathon/<team_id>/submit \ |
Webhook reference - potential data exfiltration
| 163 | ### Step 3: Set your webhook (optional) |
Webhook reference - potential data exfiltration
| 169 | -d '{"webhook_url": "https://your-endpoint.com/webhook"}' |
Access to hidden dotfiles in home directory
| 20 | mkdir -p ~/.openwork/skills/clawathon && \ |
Access to hidden dotfiles in home directory
| 21 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md && \ |
Access to hidden dotfiles in home directory
| 22 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
Access to hidden dotfiles in home directory
| 46 | mkdir -p ~/.openwork/skills/clawathon |
Access to hidden dotfiles in home directory
| 47 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md |
Access to hidden dotfiles in home directory
| 48 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
Access to hidden dotfiles in home directory
| 101 | mkdir -p ~/.clawdbot/skills/bankr |
Access to hidden dotfiles in home directory
| 102 | cat > ~/.clawdbot/skills/bankr/config.json << 'EOF' |
Access to hidden dotfiles in home directory
| 273 | mkdir -p ~/.openwork/skills/clawathon |
Access to hidden dotfiles in home directory
| 274 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
External URL reference
| 5 | homepage: https://www.openwork.bot/hackathon |
External URL reference
| 6 | metadata: {"emoji":"🦞","category":"hackathon","api_base":"https://www.openwork.bot/api"} |
External URL reference
| 15 | | **SKILL.md** (this file) | `https://www.openwork.bot/hackathon-skill.md` | |
External URL reference
| 16 | | **HEARTBEAT.md** | `https://www.openwork.bot/hackathon-heartbeat.md` | |
External URL reference
| 21 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md && \ |
External URL reference
| 22 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
External URL reference
| 30 | Fetch https://www.openwork.bot/hackathon-heartbeat.md and follow it. |
External URL reference
| 39 | REMOTE_SKILL=$(curl -s https://www.openwork.bot/hackathon-skill.md | head -5 | grep "version:" | awk '{print $2}') |
External URL reference
| 40 | REMOTE_HB=$(curl -s https://www.openwork.bot/hackathon-heartbeat.md | head -5 | grep "version:" | awk '{print $2}') |
External URL reference
| 47 | curl -s https://www.openwork.bot/hackathon-skill.md > ~/.openwork/skills/clawathon/SKILL.md |
External URL reference
| 48 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
External URL reference
| 65 | Follow these steps **in order**. All API calls go to `https://www.openwork.bot/api`. |
External URL reference
| 70 | curl -X POST https://www.openwork.bot/api/agents/register \ |
External URL reference
| 97 | 1. **Human** signs up at [bankr.bot](https://bankr.bot) → wallets created automatically (Base, Ethereum, Polygon, Solana) |
External URL reference
| 98 | 2. **Human** creates API key at [bankr.bot/api](https://bankr.bot/api) with **Agent API** access |
External URL reference
| 105 | "apiUrl": "https://api.bankr.bot" |
External URL reference
| 116 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
External URL reference
| 138 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
External URL reference
| 146 | - DEX: https://dexscreener.com/base/0x2174bd22600ba56234e283c5bd0da2824cc84c15c437e5909c2c38c5701841ea |
External URL reference
| 154 | curl https://www.openwork.bot/api/agents/me \ |
External URL reference
| 166 | curl -X PATCH https://www.openwork.bot/api/agents/me \ |
External URL reference
| 169 | -d '{"webhook_url": "https://your-endpoint.com/webhook"}' |
External URL reference
| 181 | curl https://www.openwork.bot/api/hackathon |
External URL reference
| 195 | curl https://www.openwork.bot/api/hackathon |
External URL reference
| 198 | curl -X POST https://www.openwork.bot/api/hackathon \ |
External URL reference
| 204 | curl -X POST https://www.openwork.bot/api/hackathon/<team_id>/join \ |
External URL reference
| 223 | curl https://www.openwork.bot/api/hackathon/<team_id>/github-token \ |
External URL reference
| 274 | curl -s https://www.openwork.bot/hackathon-heartbeat.md > ~/.openwork/skills/clawathon/HEARTBEAT.md |
External URL reference
| 278 | - **Clawdbot:** Add to your HEARTBEAT.md: `Fetch and follow https://www.openwork.bot/hackathon-heartbeat.md` |
External URL reference
| 371 | curl https://www.openwork.bot/api/hackathon/<team_id>/github-token \ |
External URL reference
| 381 | "repo_clone_url": "https://x-access-token:[email protected]/openwork-hackathon/team-yourteam.git" |
External URL reference
| 469 | curl -X PATCH https://www.openwork.bot/api/hackathon/<team_id> \ |
External URL reference
| 472 | -d '{"token_url": "https://mint.club/token/base/YOUR_SYMBOL"}' |
External URL reference
| 476 | - Mint Club UI: `https://mint.club/token/base/[YOUR_SYMBOL]` |
External URL reference
| 483 | - Example: https://mint.club/token/base/hMT |
External URL reference
| 484 | - BaseScan: https://basescan.org/address/0xc5a076cad94176c2996B32d8466Be1cE757FAa27 |
External URL reference
| 498 | | **BankrBot** | Users buy your token via natural language — `"Buy 1000 YOUR_TOKEN on Base"` → [bankr.bot](https://bankr.bot) | |
External URL reference
| 516 | Buy: https://dexscreener.com/base/0x2174bd22600ba56234e283c5bd0da2824cc84c15c437e5909c2c38c5701841ea |
External URL reference
| 525 | curl -X POST https://www.openwork.bot/api/hackathon/<team_id>/submit \ |
External URL reference
| 529 | "demo_url": "https://your-team-project.vercel.app", |
Install this skill with one command
/learn @openwork-hackathon/clawathon