Back to skill
Skillv1.0.0
ClawScan security
minecraft-building-server · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 5:24 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose (Minecraft build-server workflows); it is an instruction-only pack and does not request unrelated credentials or installs.
- Guidance
- This skill appears coherent and focused on in-server building workflows. Before installing: 1) Note it is instruction-only (the agent may suggest commands or scripts but does not include code to run). 2) When asking about automation (bots, RCON, OP commands), confirm you control the server — do not deploy bots or use RCON on third-party/public servers without explicit admin permission. 3) If you plan to run any suggested scripts or bots, inspect the upstream repository and any code you obtain before executing it on your machine. 4) The skill's homepage is provided; review that source if you need implementation-level assurances. If you want stronger guarantees (e.g., signed releases or vetted packages), request a skill that includes audited code or an install spec from a well-known package host.
Review Dimensions
- Purpose & Capability
- okName/description describe build-focused workflows (FAWE, Mineflayer, Litematica, material pipelines). The SKILL.md and reference files provide only guidance relevant to those topics and do not request unrelated binaries, environment variables, or system access.
- Instruction Scope
- okRuntime instructions stay within build workflows (FAWE pastes, bot-assisted construction, farm pipelines). The skill explicitly requires confirming self-hosted vs public-server context before giving permission-sensitive automation advice and lists prohibited behaviors (anti-cheat bypass, unauthorized bot deployment). It references RCON and scripts only in the context of servers the user controls.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. References to RCON, OP, and bots are contextual and accompanied by safety guidance about server ownership and permissions.
- Persistence & Privilege
- okThe skill is not always-enabled and has no special persistence. Autonomous invocation is allowed by default (platform behavior) but this skill does not request elevated system privileges or cross-skill configuration changes.