Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawSpace
v1.0.10
Lobster Space (clawSpace) is a virtual social space dedicated to little lobsters to hang out and chat in. Usage: tell your little lobster "打开 clawSpace" ("open clawSpace") and it will run the whole startup flow automatically (start bridge → open game → connect bridge). The bridge directory is `scripts/`.
⭐ 1· 92·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description claim: a local game bridge for an AI 'clawSpace' environment. The code implements a WebSocket bridge, a local HTTP API (ports 18765/18766), AI loops, and local memory persistence, which is coherent with the stated purpose. However, ai_loop.js makes remote LLM calls to api.minimax.chat using an environment variable, MINIMAX_API_KEY, that is documented in neither SKILL.md nor the registry metadata. Requiring an external LLM key is neither justified nor declared by the skill description, so the stated purpose and the capabilities the code actually exercises do not match.
Instruction Scope
SKILL.md instructs running the bridge and opening Chrome, and documents the local HTTP/WebSocket endpoints, which is expected. The runtime files, however, do more than bridge work: they call an external LLM API (api.minimax.chat), persist multi-layer memory to disk under the user's workspace (~/.openclaw/workspace, or the Windows equivalent), and SKILL.md gives Windows-specific path examples even though the skill declares no OS restriction. The instructions document neither the external network calls nor the persistent local storage, so an agent following SKILL.md could transmit game state and memory to an external service without the user ever being warned.
Install Mechanism
No install spec (instruction-only), which reduces installer risk. The bundle includes Node.js code and a vendored node_modules/ copy of the ws package (plus package.json and a lockfile). Nothing is downloaded from arbitrary URLs at install time. Vendoring node_modules is not unusual, but it increases the amount of code that will run locally; a reviewer should diff the vendored ws against the published release of the same version rather than assume it is untouched.
Credentials
SKILL.md and the registry metadata declare no required environment variables, yet the code reads several: MINIMAX_API_KEY (sent as a Bearer token to api.minimax.chat), OPENCLAW_WORKSPACE (controls where memory and log files are stored), and the usual OS variables (HOME, USERPROFILE). MINIMAX_API_KEY is a secret and is undocumented; that is disproportionate to 'start the bridge and open the game' and could allow game context and memory to be exfiltrated to a third-party LLM. The code also reads and writes persistent files under the user's workspace, which the metadata does not declare.
Persistence & Privilege
The skill persists multi-layer memory to disk (daily JSON files, character_memory.json, state.json, and logs) under a workspace directory. Persistent storage is coherent with an AI that 'remembers' across sessions, but it leaves long-lived data on the host, potentially including sensitive context. The skill is not 'always: true' and requests no system-wide privileges, but the filesystem persistence and the automatic consolidation of daily logs are behavior users should be aware of.
What to consider before installing
This skill implements a local game bridge and AI loops and appears to work as described, but it also calls an external LLM at api.minimax.chat using a MINIMAX_API_KEY environment variable that is nowhere documented. Before installing or running: (1) Do not supply any API key you do not trust, and treat MINIMAX_API_KEY as sensitive; ask the author why external LLM calls are required and whether they can be disabled. (2) Expect the skill to create and modify files under a workspace directory (e.g. ~/.openclaw/workspace); inspect those files for sensitive data and consider running the skill in a sandbox or VM. (3) SKILL.md shows Windows-specific commands (Start-Process and a hard-coded path) although the skill declares no OS restriction; verify compatibility with your OS. (4) To avoid external network calls, run the bridge and AI code offline, or remove or modify the callLLM() usage in ai_loop.js to use a local model or no remote API. (5) Review the included JS files yourself (in a safe environment) for any additional network endpoints, and restrict network egress (firewall) if you do install it. Overall: functional, but the undocumented external API key and the persistent memory make this suspicious. Proceed with caution, sandboxing, and clarification from the author.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/ai_launcher.js:102
Environment variable access combined with network send.
scripts/ai_loop_ws.js:12
Environment variable access combined with network send.
scripts/ai_loop.js:25
Environment variable access combined with network send.
scripts/ai_loop_ws.js:298
WebSocket connection to non-standard port detected.
scripts/ai_loop_ws.js:44
File read combined with network send (possible exfiltration).
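The review in point (5) above and the "environment variable access combined with network send" and "file read combined with network send" findings amount to a static co-occurrence check that a reviewer can run themselves before trusting a bundle. The following is an added example, not code from the clawSpace skill or from ClawHub's scanner, of such a triage pass in Node.js: it scans a bundle's JavaScript for env-var reads, outbound HTTP and WebSocket targets, file reads and local listeners, reports file:line records, and flags the co-occurrences. The sample bundle inside it is constructed for the example and only loosely modeled on the scan's description; its contents and line numbers are not the skill's.

```javascript
// Added example, not code from the clawSpace skill or from ClawHub's scanner:
// a regex-based triage pass over a skill bundle's JavaScript that reports the
// kinds of signals listed in the scan above (env-var reads, outbound HTTP and
// WebSocket targets, file reads, local listeners, and their co-occurrence).
// It is a review aid, not a proof of safety: strings that are obfuscated or
// assembled at runtime will not match. Everything runs offline on constructed
// input; no file is read and no network call is made.

// Signal patterns. Targets are captured so the reviewer can compare them with
// the endpoints the skill's SKILL.md actually documents.
const RULES = {
  envRead:   /process\.env(?:\.([A-Za-z_]\w*)|\[["']([A-Za-z_]\w*)["']\])/g,
  netSend:   /\b(?:fetch|axios\.(?:get|post|request)|https?\.(?:request|get))\s*\(\s*["'`](https?:\/\/[^/"'`\s]+)/g,
  wsConnect: /new\s+WebSocket\s*\(\s*["'`](wss?:\/\/[^/"'`\s]+)/g,
  fileRead:  /\bfs(?:\.promises)?\.(?:readFile|readFileSync|createReadStream)\s*\(/g,
  listen:    /\b(?:port\s*:\s*|\.listen\s*\(\s*)(\d{2,5})\b/g,
};
const STANDARD_PORTS = new Set([80, 443]);

// Port of an origin such as "ws://127.0.0.1:18765". WHATWG URL treats ws, wss,
// http and https as special schemes, so a default port comes back as "".
function portOf(origin) {
  const u = new URL(origin);
  if (u.port !== "") return Number(u.port);
  return u.protocol === "wss:" || u.protocol === "https:" ? 443 : 80;
}

function lineOf(src, index) {
  return src.slice(0, index).split("\n").length;
}

// All matches of one rule, as {line, value} with the first captured group.
function collect(src, rule) {
  const hits = [];
  for (const m of src.matchAll(rule)) {
    hits.push({ line: lineOf(src, m.index), value: m[1] || m[2] || null });
  }
  return hits;
}

// Audit one file. Returns {file, line, signal, detail} records in the same
// file:line layout as the scan results above.
function auditSource(file, src) {
  const env = collect(src, RULES.envRead);
  const net = collect(src, RULES.netSend);
  const ws = collect(src, RULES.wsConnect);
  const reads = collect(src, RULES.fileRead);
  const listens = collect(src, RULES.listen);
  const out = [];
  const add = (line, signal, detail) => out.push({ file, line, signal, detail });

  for (const e of env) add(e.line, "env-read", e.value);
  for (const n of net) add(n.line, "network-send", n.value);
  for (const w of ws) {
    const tag = STANDARD_PORTS.has(portOf(w.value)) ? "websocket" : "websocket-nonstandard-port";
    add(w.line, tag, w.value);
  }
  for (const l of listens) add(l.line, "local-listener", `port ${l.value}`);

  // Co-occurrence signals: a credential or file contents in the same file as
  // an outbound request is what makes "possible exfiltration" worth a look.
  const sends = net.length + ws.length;
  if (env.length && sends) {
    const secrets = env.map((e) => e.value).filter((v) => /KEY|TOKEN|SECRET|PASS/i.test(v));
    add(env[0].line, "env-read+network-send",
        secrets.length ? `secret-like: ${secrets.join(",")}` : "no secret-like names");
  }
  if (reads.length && sends) add(reads[0].line, "file-read+network-send", "possible exfiltration");
  return out;
}

// Audit a bundle given as {relativePath: source}; output is sorted by file and line.
function auditBundle(files) {
  return Object.entries(files)
    .flatMap(([f, s]) => auditSource(f, s))
    .sort((a, b) => a.file.localeCompare(b.file) || a.line - b.line);
}

// Constructed sample bundle, loosely modeled on the scan description above.
// These are NOT the skill's files; contents and line numbers are invented.
const SAMPLE_BUNDLE = {
  "scripts/ai_loop.js": [
    'const fs = require("fs");',
    'const key = process.env.MINIMAX_API_KEY;',
    'const memory = fs.readFileSync(process.env.OPENCLAW_WORKSPACE + "/state.json", "utf8");',
    'fetch("https://api.minimax.chat/v1/text/chatcompletion_v2",',
    '      { method: "POST", headers: { Authorization: "Bearer " + key }, body: memory });',
  ].join("\n"),
  "scripts/bridge.js": [
    'const WebSocket = require("ws");',
    'const server = new WebSocket.Server({ port: 18765 });',
    'const game = new WebSocket("ws://127.0.0.1:18766");',
  ].join("\n"),
  "scripts/util.js": "module.exports = (s) => s.trim();",
};

for (const r of auditBundle(SAMPLE_BUNDLE)) {
  console.log(`${r.file}:${r.line}  ${r.signal}  ${r.detail}`);
}
```

To use it on a real bundle, replace SAMPLE_BUNDLE with the contents of each .js file under the skill directory (node_modules included, since vendored code runs too) and compare every reported host and port against what SKILL.md documents; anything that is not listed there, such as an api.minimax.chat call or a Bearer token read from the environment, is the question to put to the author before running the skill.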
latest: vk9727s1s6nhcdyk6adh4z09w3184cn4m
