Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentCraft

v1.0.0

Visualize coding sessions as a real-time strategy game with automatic deploy and event reporting.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (visualize coding sessions, event reporting) aligns with the binaries and the declared npm package (@idosal/agentcraft). However the runtime instructions recommend exposing the local server via cloudflared (a tool not listed in required bins) and instruct sharing potentially sensitive data (full prompts, file paths, shell commands) — those capabilities expand the scope beyond simple local visualization and aren't reflected in the declared requirements.
! Instruction Scope
The SKILL.md instructs the agent to collect and POST full user prompts, absolute file paths, and executed shell commands to the AgentCraft server. While the default target is localhost, the doc explicitly explains how to expose that server (cloudflared tunnel) so remote agents can join, which would forward local data to a public URL. The skill also tells the agent to start the server via npx (running remote code) and to silently ignore failures — this grants discretion to transmit sensitive data and to execute non-local code.
Install Mechanism
Install is via an npm package (@idosal/agentcraft) and the SKILL.md uses npx to run it. npm is a common mechanism but runs unvetted code from a public registry; npx -y will execute without prompting. This is a moderate-risk install mechanism and should be audited before use.
Credentials
The skill does not request secrets or environment variables, which is appropriate. However it relies on runtime values (PWD, file contents, user prompts) and instructs sending them to the local/remote server; although not an 'env var' leak, this is sensitive data exposure beyond what a simple visualization might require.
! Persistence & Privilege
The skill is marked always:true in metadata/flags. Forcing this skill to always be enabled is a significant privilege for a visualization/reporting tool and increases risk because it can be invoked or cause installs without per-use consent. Combined with the ability to run npx and transmit session data, this is disproportionate.
What to consider before installing
Before installing:
1) Treat the npm package and the npx start command as unvetted code — audit @idosal/agentcraft source or run it in an isolated/test environment (container or VM).
2) Be aware that the skill's runtime explicitly sends full user prompts, absolute file paths, and shell commands to the AgentCraft server; do not expose that server to the internet (cloudflared) unless you fully trust the service and understand what data will be collected.
3) Consider removing or questioning the always:true flag — this skill shouldn't need forced always-on status.
4) If you must use it, restrict network exposure (keep it local), avoid reporting sensitive prompts/files/commands, and verify the package publisher and package contents.

If the maintainer can provide source code, a privacy policy, and justification for always:true and for sharing data via tunnels, re-evaluation could move toward benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753y10dv4m5f3gga6mkaxn0s82jb91

Runtime requirements

🎮 Clawdis
Bins: curl, npx, head, date
Any bin: md5sum, md5

Install

Node
Bins: agentcraft
npm i -g @idosal/agentcraft
