TRPG Session
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a tabletop RPG setup guide, but its sample configuration appears to share one campaign folder across agents while also promising private character or DM secrets.
There is no evidence of malicious code or exfiltration, but review the configuration before use. Keep only game-appropriate content in the campaign folder, split shared rules/lore from DM-only and per-character files, keep Discord triggers mention-only, and verify session-log or character-file updates before relying on them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A PC agent may be able to access another character's secrets or DM-only material, spoiling private game information.
The skill promises private character boundaries, but the sample agent definitions place DM and PC agents in the same campaign workspace. Without explicit file or retrieval isolation elsewhere, private campaign files could be visible across agents.
`character secrets stay private` ... DM/PC examples both use `workspace: ~/.openclaw/trpg/<campaign-slug>`
Use separate workspaces or retrieval scopes for shared rules/lore, DM-only notes, and each PC. Do not store secrets in the shared campaign root unless OpenClaw access controls are explicitly configured.
If the trigger is misconfigured, agents could respond more broadly than intended in a group chat.
The skill documents persistent agents connected to a Discord channel. The `mentionOnly: true` setting is a meaningful scope control, but users still need to ensure agents are only active in the intended campaign channel.
`triggers: - pattern: ".*" ... channels: ["discord:#<campaign-channel>"] ... mentionOnly: true`
Keep `mentionOnly: true`, use a dedicated campaign channel, and disable or remove campaign agents when the campaign ends.
Incorrect session summaries or character updates could persist into future sessions.
The DM agent is instructed to modify campaign files at session end. This is purpose-aligned and scoped to game files, but it can still overwrite or incorrectly update persistent campaign state.
`End session.` ... `Write a session summary to sessions/session-NNN.md` ... `Update character states (HP, inventory, conditions)`
Review generated session logs and character-state changes, and keep backups for important campaigns.