Minijuegos LeChuck SDK
v1.0.5Integrate Minijuegos.com (Miniplay) LeChuck JS SDK into HTML5 games. Use when a user wants to: (1) add Minijuegos/Miniplay platform integration to a game, (2...
⭐ 0· 90·0 current·0 all-time
byAlfredo Bárcena@dreadterror
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (LeChuck SDK integration, auth, achievements, leaderboards) match the declared environment variables and the SKILL.md content. MINIPLAY_API_ID, MINIPLAY_API_KEY, and JWT_SECRET are expected for token validation, server-side write operations, and session handling.
Instruction Scope
SKILL.md stays on-topic: it shows how to include the vendor SDK, handle auth flow, validate tokens with Minijuegos APIs, implement nginx headers/redirects, and provide backend examples. It does not instruct reading unrelated files or exfiltrating data beyond the Minijuegos endpoints. It explicitly warns not to expose server secrets in client code.
Install Mechanism
There is no install spec and no bundled code to write to disk. The only external dependency is an instruction to load the official Minijuegos vendor script from a third-party domain, which is expected for this skill.
Credentials
Requested env vars are proportional: a public API_ID, a server-side write secret (MINIPLAY_API_KEY), and a JWT_SECRET for session tokens. The SKILL.md documents the sensitivity and proper server-only usage of MINIPLAY_API_KEY and JWT_SECRET.
Persistence & Privilege
The skill does not request always-on inclusion, does not modify other skills or system settings, and contains no installation steps that would persist code or credentials on the agent.
Assessment
This skill appears coherent and focused, but follow best practices before use: 1) Keep MINIPLAY_API_KEY and JWT_SECRET strictly server-side (never include in client bundles or URLs). 2) Verify the SDK URL with an official Minijuegos contact and consider hosting the SDK yourself or using Subresource Integrity (SRI) / strict Content Security Policy to reduce supply-chain risk. 3) Apply the recommended nginx COEP/COOP headers and preserve query params as shown to avoid losing mp_api_user_id. 4) Use HTTPS, HttpOnly/secure cookies, and rate-limit/validate incoming requests on your backend. 5) Confirm which write model (client SDK vs server-to-server) your Minijuegos plan supports so you handle MINIPLAY_API_KEY correctly. If any part of the SKILL.md or the SDK URL looks different from official Minijuegos documentation, contact Minijuegos support or request the official SDK source before deploying.Like a lobster shell, security has layers — review code before you run it.
latestvk970h2fb03ypjemvc1gv9aaeps83pk6t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.