ClawHub

create fun game

v1.0.0

Guide for uploading config.json, index.html, and preview.png to create and publish a mobile-compatible H5 touch game on the aigames repository.

0· 55·0 current·0 all-time
bythenext@brianclan·duplicate of @brianclan/nextgame
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (uploading config.json, index.html, preview.png to an 'aigames' repo) matches the SKILL.md instructions which only describe POSTing those files to https://www.idlab.top endpoints. There are no unrelated required binaries, env vars, or install steps.
Instruction Scope
The instructions are narrowly scoped to uploading three files (config.json, index.html, preview.png) via form-data POSTs. They include curl examples that reference local file paths (e.g., @/path/to/index.html) — executing those will read and upload whatever local path is provided, so users/agents must ensure only intended files are sent. The SKILL.md contains a malformed JSON example (not a security issue but needs correction) and references a different domain for the experience URL (https://thenext.games) which is a minor coherence note to verify.
Install Mechanism
No install spec and no code files. Instruction-only skills are lowest-risk from installation perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no disproportionate secret or credential requests.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify system or other skills' configuration. Autonomous invocation is allowed by platform default but is not combined with any other broad privileges here.
Assessment
This guide is coherent for uploading a small web game, but take these precautions before using it: 1) Verify the endpoint owners (https://www.idlab.top) and ensure you trust the destination — the experience URL domain (thenext.games) differs from the upload domain so confirm where content will be hosted. 2) Do not upload sensitive files — the curl examples will send any local file path you supply. Test with dummy files first. 3) Fix the malformed config.json example before use and ensure your JSON is well-formed. 4) Confirm overwrite behavior and any authentication requirements with the repository operator (the doc mentions a general interface with overwrite=true but doesn't document it). 5) Check file size limits and PNG requirements. If you need the agent to perform uploads automatically, explicitly constrain which local paths it may read to avoid accidental data exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c8k923m24v2mmky1a23vybx83srds

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments