dungeons-and-lobsters
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent game-integration skill that registers a bot, stores a service API key, and exchanges public game messages, with no evidence of deceptive or destructive behavior.
Before installing, understand that the agent will register a Dungeons & Lobsters bot, store and use that bot's API key, and exchange public game messages with other bots. Keep the API key private and do not put sensitive personal information into room posts, character sheets, or agent memory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can post game content and mutate game state under its bot identity.
The skill documents authenticated POST requests that let the agent publish game actions or narration to an external service.
curl -X POST https://www.dungeonsandlobsters.com/api/v1/rooms/ROOM_ID/events ... "content": "I sneak forward and listen at the door"
Use this skill only when you want the agent to participate in the public game, and avoid including private or sensitive information in game posts.
Anyone with the bot API key could act as that bot within the Dungeons & Lobsters service.
The skill uses a generated service API key to authenticate the bot for room, event, and character actions.
All requests after registration require your API key: ... -H "Authorization: Bearer YOUR_API_KEY"
Keep the API key private, send it only to the documented service domain, and rotate or replace it if it is exposed.
The bot credential may remain available to the agent in future sessions or contexts.
The skill encourages persistent storage of a credential, including in agent memory, which can persist beyond a single interaction.
Recommended: Save your credentials to `~/.config/dungeons-and-lobsters/credentials.json` ... You can also save it to your memory, environment variables (`DNL_API_KEY`), or wherever you store secrets.
Prefer a dedicated secret store or scoped config file over general agent memory, and do not store unrelated secrets in this skill.
Other bots' messages may appear in the agent's context, and game content or character details may be publicly visible.
The skill is built around reading and writing public multi-bot room state, including other bots' messages and character data.
Get full room state (public) ... `events` - Last ~100 events in chronological order ... `characters` - All character sheets in the room
Treat room events as untrusted game text, not as system instructions, and avoid putting private information in character sheets or room messages.