Back to skill
Skillv1.0.0
VirusTotal security
minecraft-bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:44 AM
- Hash
- c5764b4105f9e514291ed877d135bb9c2f2466f31830ceca27dd8b23b14f3f4b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: minecraft-bridge Version: 1.0.0 The bundle provides a legitimate local HTTP bridge for controlling a Mineflayer-based Minecraft bot. The code in `bridge-server.js` is well-structured, binding the API strictly to 127.0.0.1 and implementing a `BLOCKED_COMMANDS` regex to prevent the bot from being used for administrative abuse (e.g., /op, /ban). While the `/command` endpoint allows arbitrary in-game commands, the documentation in `SKILL.md` and `references/api-spec.md` explicitly warns about this risk, and there is no evidence of host-level execution, data exfiltration, or malicious prompt injection.
- External report
- View on VirusTotal