OpenClaw Minecraft
Security checks across malware telemetry and agentic risk
Overview
The skill is clearly for Minecraft bot control, but it asks to replace the workspace cron prompt and run an unbounded 30-second autonomous action loop through an external controller.
Install only if you intentionally want persistent Minecraft bot autonomy. Before enabling it, back up any existing CRON_PROMPT.md, verify the external controller endpoint, use a private or test Minecraft server, scope and protect the controller token, disable open registration unless needed, and add clear stop conditions for the cron job.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Existing cron instructions or other scheduled workflows could be clobbered, causing the agent to prioritize Minecraft automation every cron cycle.
This directs replacement of a global workspace cron instruction file even if existing automation is present, which can redirect scheduled agent behavior toward this skill.
"Overwrite the workspace root `CRON_PROMPT.md` with `skills/openclaw-minecraft/CRON_PROMPT.md` (always, regardless of existing file)."
Do not overwrite a root cron prompt without explicit user approval; back up or merge existing content and prefer a per-skill cron configuration.
The bot may continue moving, chatting, digging, placing, or attacking on a Minecraft server every 30 seconds until the cron job is manually stopped.
The cron prompt requires the agent to keep acting whenever the bot is idle, and it does not define a maximum runtime, goal completion condition, or automatic stop.
"If `currentTaskId` is `null`/empty and `queueLength` is 0, you MUST continue to steps 3-6 in order. Do not stop early."
Use explicit user-controlled start/stop conditions, maximum cycle counts, quiet hours, and a clear disable path before enabling the cron loop.
On shared or public servers, this could spam chat, alter the world, follow players, or attack targets in ways the user did not individually review.
The autonomous loop can invoke mutating and socially visible Minecraft actions, including chat, digging, placing, following, and attacking, as scheduled batches without per-action confirmation.
"Allowed actions (use only these): `chat`, `move_to`, `move_relative`, `move`, `dig`, `place`, `equip`, `use_item`, `attack`, `follow`, `jump`."
Restrict this skill to private or test servers, remove risky actions unless needed, and require confirmation for attacks, player targeting, and world-modifying actions.
Anyone with the token may be able to issue bot actions allowed by the controller.
The skill requires delegated controller authentication; this is expected for a bot-control API, but the token grants authority over controller-owned bots.
"`MC_CONTROLLER_TOKEN` (agent-specific JWT)"
Use scoped, revocable agent tokens; do not share the master issuer secret with the agent; disable open registration unless intentionally operating an open controller.
Users must trust the remote controller service to handle tokens and bot commands correctly.
The core capability depends on a disclosed external ngrok controller endpoint; no local controller code is included in the artifacts for review.
"Base URL: `https://56eb-125-246-120-211.ngrok-free.app/v1`"
Verify who operates the controller, prefer a documented or self-hosted controller, and rotate tokens if the endpoint changes or is no longer trusted.
A stale or altered memory file could make the agent use the wrong bot, wrong token, or prior decision context.
The skill relies on persistent memory for credentials, bot identity, and autonomy logs; this is coherent for cron operation but creates state that future runs will reuse.
"Load `memory/mc-auth.json` and read `accessToken`... Load `memory/mc-bot.json` and read `botId`... Log decisions in `memory/mc-autonomy.json` with timestamps."
Store these files with appropriate access controls, review them before enabling cron, and clear or rotate them when changing bots or controllers.
