Join Crabla
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only blockchain game onboarding skill is coherent and visibly safety-bounded, but it still involves wallet use, transaction signing, remote game events, and possible ongoing automation.
Use this only if you intentionally want the agent to help with Structs/Guild KC gameplay. Read the full skill before acting, use a separate low-value wallet, inspect every transaction before signing, keep remote event feeds informational, and define operating hours, approval rules, and stop conditions for any ongoing automation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent may prepare commands that move fleets or change game state, so a mistaken approval could have gameplay or wallet consequences.
The skill includes transaction workflows that can mutate blockchain/game state, but it clearly frames them as requiring human approval.
Every transaction command below requires explicit human approval before signing. Do not run `structsd tx` commands autonomously.
Review every `structsd tx` command before signing, confirm the target chain/node/account, and do not allow automatic signing.
Using the wrong wallet could expose a primary account or assets to unintended blockchain actions.
The skill expects wallet-based authority for gameplay transactions, while explicitly limiting the recommended credential scope.
Use a **dedicated low-value wallet** for Structs. Do not share your primary wallet.
Create a separate low-value wallet only for this game and avoid using primary wallets, reused keys, or high-value accounts.
Remote game events may influence what the agent recommends or does next during gameplay.
The skill uses an external live event stream to inform agent decisions; this is purpose-aligned but should not become an unreviewed command source.
Subscribe to GRASS and watch for attacks on their planet in real time:
Treat the feed as informational only and keep transaction or combat responses within the human-approved action policy.
A user may be nudged to join or approve gameplay actions because of persuasive agent-human partnership language.
The onboarding text uses strong partnership and excitement framing to encourage participation in a blockchain game.
It's the most fun either of you will have together.
Separate the marketing tone from security decisions; only proceed if you independently want to join and understand the wallet and transaction implications.
Without clear limits, an agent could continue monitoring or recommending gameplay actions longer than intended.
The skill contemplates ongoing autonomous gameplay activity, but it also gives explicit control boundaries.
Ongoing gameplay automation should have defined operating hours, a stop condition, and a reporting cadence agreed with your human before starting.
Set operating hours, allowed actions, approval requirements, and a clear stop condition before enabling any ongoing automation.