Structs Guild Stack
Review
Audited by ClawScan on May 14, 2026.
Overview
The skill is coherent and safety-aware, but it asks you to run a persistent external Docker stack with optional MCP and transaction-signing components, so review it before installing and keep it scoped.
This appears safe to use as a read-only local indexing stack if you are comfortable running Docker services. Before installing, clone only the intended repository, choose a specific release tag, review the Compose file, start only the read-only services by default, and do not enable MCP or transaction signing unless you understand their permissions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What actually runs on your machine depends on the external repository and chosen release tag.
The setup runs an upstream Docker Compose project that is not included in the reviewed artifact set. The skill mitigates this by telling users to pin a release tag and review the Compose file.
Evidence: git clone https://github.com/playstructs/docker-structs-guild ... git checkout <latest-tag>
Recommendation: Use a specific trusted release tag, inspect docker-compose.yml and the image sources before starting services, and avoid tracking main unless you are actively developing.

Starting the stack can download and run container images locally.
The core workflow executes Docker containers. This is expected for a Docker-based local node/database stack, but it is still local code execution.
Evidence: docker compose up -d structsd structs-pg structs-grass
Recommendation: Run it only in an environment where Docker workloads are acceptable, and review the Compose file and images first.

The node, PostgreSQL, and event services may keep consuming resources and exposing local ports after setup finishes.
The skill explicitly discloses persistent background services. This persistence is purpose-aligned, but users need to understand it.
Evidence: "Starts a background fleet of containers. They keep running after this command returns."
Recommendation: Monitor running containers and stop them with Docker Compose when they are not needed.

If enabled and configured with keys, the signing agent could authorize game/blockchain transactions.
The stack includes an optional transaction-signing component that could use wallet keys if enabled. The artifact clearly warns users and keeps it out of the recommended read-only default.
Evidence: Transaction signing agent — only started when you opt in. "Do not configure with keys until you have read its code and understood what it will sign on your behalf."
Recommendation: Leave the signing agent disabled unless it is necessary, review its code first, and use tightly scoped or low-risk keys where possible.

If exposed beyond localhost, other processes or network users might interact with the stack through MCP.
An optional MCP server is available for agent/tool communication. The skill appropriately advises local-only binding and opt-in use.
Evidence: MCP server (port 3000) — only started when you opt in. Bind to 127.0.0.1 in your Compose override.
Recommendation: Keep MCP disabled unless needed and bind it to 127.0.0.1 rather than a public interface.
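As an added example (not code from the ClawScan review or the docker-structs-guild project), here is a POSIX shell check for the "review the Compose file" and "bind to 127.0.0.1" advice above: it scans a Compose file's short-syntax port mappings and reports any that are not bound to loopback. The sample Compose content, the structs-mcp service name and the image tags are constructed placeholders; real port numbers and service definitions come from the project's own docker-compose.yml.

```shell
#!/bin/sh
# Added example, not code from the ClawScan review or the docker-structs-guild project.
# Scans a Compose file for short-syntax port mappings ("HOST:CONTAINER" or
# "IP:HOST:CONTAINER") that are not bound to the loopback interface, which is the
# "bind to 127.0.0.1 in your Compose override" check the review recommends.
# Long-syntax port entries (target:/published:) are out of scope for this scanner.

# Usage: check_compose_ports docker-compose.yml
# Exit status 0 = every published port is loopback-only; 1 = at least one is exposed.
check_compose_ports() {
    exposed=$(awk -v sq="'" '
        /^[[:space:]]*ports:/ { inports = 1; next }                          # entering a ports: list
        inports && /^[[:space:]]*[A-Za-z_][A-Za-z0-9_-]*:/ { inports = 0 }   # the next key ends it
        inports && /^[[:space:]]*-[[:space:]]*/ {
            entry = $0
            sub(/^[[:space:]]*-[[:space:]]*/, "", entry)                     # drop the list dash
            sub(/[[:space:]]*#.*$/, "", entry)                               # drop trailing comment
            gsub(/"/, "", entry); gsub(sq, "", entry)                        # drop quotes
            if (entry !~ /^127\.0\.0\.1:/ && entry !~ /^localhost:/) print entry
        }' "$1")
    if [ -n "$exposed" ]; then
        printf 'exposed port mapping(s) in %s:\n%s\n' "$1" "$exposed"
        return 1
    fi
    return 0
}

# Constructed sample Compose file: structs-pg is loopback-only, while the placeholder
# structs-mcp service publishes port 3000 on every interface.
SAMPLE_COMPOSE=$(mktemp)
cat > "$SAMPLE_COMPOSE" <<'EOF'
services:
  structs-pg:
    image: postgres:16              # constructed placeholder image tag
    ports:
      - "127.0.0.1:5432:5432"
  structs-mcp:                      # constructed placeholder name for the optional MCP service
    image: example/structs-mcp:dev  # constructed placeholder image tag
    ports:
      - "3000:3000"                 # reachable from the network: the check flags this
EOF

check_compose_ports "$SAMPLE_COMPOSE" || echo "fix the port bindings before running docker compose up"
```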

Malicious or misleading player-controlled text could influence an agent if treated as trusted instructions.
Database results may contain player-controlled content that an agent could later read or summarize. The skill explicitly warns that these fields remain untrusted.
Evidence: Adversarial UGC in PG reads — player names, pfps, guild endpoints stored in the database are still untrusted input.
Recommendation: Treat database values as data only, not instructions, and sanitize or quote untrusted fields when using them in prompts.
