Hitchhikers Guide
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a coherent local text-adventure skill, with the main caveats that it runs a Python save manager and stores game history locally.
This skill looks safe for its stated purpose. Before installing, know that it will run a local Python script and save gameplay history under the skill's assets folder; avoid typing secrets into the game and review the small included script if the unknown source concerns you.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may require Python even though the registry requirements do not declare it.
The README discloses a Python runtime requirement, while the registry metadata lists no required binaries. This is an operational metadata gap, not hidden behavior.
- Python 3.x - Any terminal capable of running `python` scripts.
Declare Python as a required binary/runtime in metadata so users know what will be executed.
Using the skill will execute local Python commands to load and update the game save.
The agent is instructed to run a local Python helper. The included code is consistent with save-state management and shows no network, credential, or unrelated system behavior.
Run `python scripts/game_manager.py load` ... Use the following atomic commands to update the game state
Only install/run it if you are comfortable with the included script managing local game files.
Game actions and any text saved into history may remain in local files and be reused in later gameplay.
The skill stores persistent game state and history on disk for future sessions. This is expected for a save-game system, but user-entered text may be retained.
SAVE_FILE = os.path.join(SKILL_DIR, "assets", "hitchhikers_save.json") ... state.setdefault("history", []).append(entry)Avoid entering sensitive personal information during gameplay, and clear or reset the save files if you do not want the history retained.