Remix Agent Publish
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for creating and validating Remix game drafts, but it requires a Remix API key and can make account-changing API calls.
Use this skill if you intend to automate Remix game draft creation and code updates. Before using it, make sure you trust remix.gg and the Farcade SDK, protect your Remix API key, and require confirmation before the agent creates games or uploads code.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the workflow means giving an agent/API client the ability to act on Remix resources owned by the API-key account.
The skill requires a Remix account API key, which delegates account authority to the agent or API client. The same file also gives appropriate storage, revocation, and rotation guidance.
Remix server API uses bearer API keys generated from Remix account settings. Supported auth header: Authorization: Bearer <api_key> (required)
Use a dedicated or least-privileged key if available, keep it in a server-side secret manager, revoke or rotate it when no longer needed, and avoid placing it in generated browser code or chat transcripts.
An agent following the skill can create draft games and replace version code, which may affect work in a Remix account even if it does not submit or delete games.
The recommended workflow includes mutating REST calls that create a game draft and upload code. This is purpose-aligned and documented, but it can change the user's Remix account state.
4. `POST /v1/agents/games` ... 9. `POST /v1/agents/games/{gameId}/versions/{versionId}/code`Confirm before allowing POST actions, review generated game code before upload, and use the documented validation/readiness checks before relying on the result.
Generated games depend on the availability and integrity of the external SDK/CDN at runtime.
Generated games are instructed to load an external Farcade SDK script from a CDN. The dependency is disclosed, version-pinned, and central to the Remix/Farcade purpose, but it is still an external runtime dependency.
<script src="https://cdn.jsdelivr.net/npm/@farcade/game-sdk@0.3.0/dist/index.min.js"></script>
Use the documented pinned SDK version, trust the SDK/CDN source before publishing, and consider integrity controls or platform-approved hosting options if available.