Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hitchhikers Guide

v1.1.2

A text adventure game engine based on the masterpiece "The Hitchhiker's Guide to the Galaxy" and the 1984 Infocom classic. Use when the user wants to play a joyf...

by Ethan Nie (@hallwayskiing)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (a Hitchhiker's Guide text adventure) matches the included files and required actions. All file accesses are confined to the skill directory (assets/ and references/). Minor mismatches: SKILL.md and README claim automatic saving of Guide entries (assets/GUIDE.md) and list a 'save' command, but the provided game_manager.py does not implement explicit GUIDE.md writing nor a separate 'save' command. These are implementation inconsistencies, not evidence of unrelated capabilities or hidden access.
Instruction Scope
SKILL.md directs the agent to run the bundled CLI (python scripts/game_manager.py ...) and to consult references/mechanics.md. Those runtime instructions stay within the skill (load/save local state, update stats). A minor scope inconsistency: SKILL.md instructs the agent to 'save guide entries to assets/GUIDE.md automatically', but no code implements automatic GUIDE.md updates — the agent would need to write that file itself. The instruction set otherwise does not ask the agent to read external system files or call remote endpoints.
Install Mechanism
No install spec or external downloads; this is instruction-only with one bundled Python script. Nothing is fetched from the network or written outside the skill directory by the provided code.
Credentials
No environment variables, credentials, or external service tokens are requested. The Python script uses only local filesystem and random. This level of access is proportionate to a local game engine.
Persistence & Privilege
The skill persists game state to assets/hitchhikers_save.json within its directory; it does not request always:true, system-wide config changes, or other skills' credentials. This is appropriate for a game that needs local saves.
Assessment
This skill is coherent and appears to be a local text-adventure engine. Before installing or running it:
1) Review the assets/ directory (GUIDE.md, hitchhikers_save.json) and back up any existing files you care about.
2) Note small inconsistencies: the docs mention automatic GUIDE.md writes and a 'save' command that are not implemented in scripts/game_manager.py; the agent or a human would need to create/append GUIDE.md if you want persisted lore.
3) The game_manager writes a JSON save file inside the skill directory; run it in a sandbox or with limited permissions if you want to avoid accidental overwriting of unrelated files.
4) If you plan to let an autonomous agent run shell commands, ensure the agent invokes the Python script safely (passing args as argv rather than via a shell) to avoid shell-argument injection from untrusted inputs.
If you want deeper assurance, request a clean implementation of GUIDE.md handling and a code comment explaining the shallow-copy behavior of INITIAL_STATE (the current copy() is shallow for nested dicts).


latest: vk97ej0d8756qm0dp5jyt164z1x81csn2
