Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Minecraft
v0.1.26Control Minecraft bots through a Mineflayer controller API using JSON actions and cron-driven autonomy.
⭐ 0· 3k·1 current·1 all-time
by@ene5135
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose is to control Minecraft bots via a Mineflayer controller API, which matches the documented API calls. However the SKILL.md requires an MC_CONTROLLER_TOKEN and uses a hard-coded controller base URL (an ngrok domain) even though the registry metadata declares no required environment variables or homepage—which is an inconsistency. The presence of open registration and proxy register endpoints (allowing the agent to self-issue or request tokens) is not justified in the registry metadata and expands capability beyond a simple 'adapter' description.
Instruction Scope
The runtime instructions ask the agent to read and write workspace files (memory/mc-auth.json, memory/mc-bot.json, memory/mc-autonomy.json) and to always overwrite the workspace root CRON_PROMPT.md at installation. They also instruct the agent to run an autonomous cron loop every 30 seconds that will repeatedly contact the remote controller and obtain or use JWTs (including via open registration). These behaviors go beyond a one-off API wrapper: they create persistent, frequent external network activity and automatic token acquisition.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or executed by an installer—this is lower install risk. However, the skill explicitly instructs the installer/agent to overwrite a workspace file (CRON_PROMPT.md) and add cron-driven automation; that is a form of persistent change to the environment despite no formal install step.
Credentials
SKILL.md requires an MC_CONTROLLER_TOKEN and describes token acquisition flows (manual master-secret register, proxyKey, or open registration). The registry metadata claims no required env vars—this mismatch is notable. The skill encourages storing and reusing JWTs in workspace files and potentially self-registering to get tokens without operator intervention (open registration), which increases risk of undesired credential issuance/exposure to the hard-coded ngrok endpoint.
Persistence & Privilege
The skill directs persistent changes: forcibly overwrite the workspace CRON_PROMPT.md at install time, create/modify memory/*.json logs, and run a cron every 30 seconds to autonomously drive bots. While 'always' is false, these instructions achieve continuous autonomous behavior and persistent file changes—this grants ongoing network activity and control without clear operator safeguards.
What to consider before installing
This skill is coherent for remotely controlling Minecraft bots but has several red flags you should address before installing: 1) The SKILL.md hard-codes a remote ngrok URL (https://56eb-125-246-120-211.ngrok-free.app) — verify the controller's operator and source code; do not trust an opaque ngrok endpoint by default. 2) The skill describes open registration and token issuance; an agent could self-register and obtain JWTs or rely on someone supplying a master secret. Only provide tokens if you fully trust the controller operator. 3) The skill instructs you to overwrite CRON_PROMPT.md in your workspace and run a 30-second cron loop, which will make the agent perform frequent autonomous networked actions—consider whether you want that persistence and frequency, or run it in an isolated/sandbox environment first. 4) Registry metadata lists no required env vars, but SKILL.md expects MC_CONTROLLER_TOKEN (mismatch). Ask the publisher for source code, a homepage, and an explanation for the hard-coded base URL and open registration; request that required env vars be declared in the registry. 5) If you still want to try it: run it in a sandboxed account or container, disable open registration on the controller, use a private controller URL you control, increase the cron interval, and audit memory/mc-auth.json and memory/mc-autonomy.json contents for secrets. If you cannot verify the controller operator or source, do not enable the forced workspace overwrite or the cron automation.Like a lobster shell, security has layers — review code before you run it.
latestvk97cpyycmcxqeb5a9d7phqpm7580tvyr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.