Auto PieceOne

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

This game-automation skill is purpose-aligned, but it asks the agent to download, update, and run unreviewed remote Python code that can control the system mouse.

Review the GitHub repository before running this skill, pin the code to a trusted commit instead of using git pull, and run it only while supervising the browser game because it controls the system mouse.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or launching the skill could run changed or unreviewed code from the remote repository on the user's machine.

Why it was flagged

The skill instructs the agent to download, update, and run code from an external GitHub repository, but that code is not included in the reviewed artifacts and no commit pinning or verification is provided.

Skill content
exec(command="git clone https://github.com/imtonyjaa/autopieceone.git") ... exec(command="git -C autopieceone pull") ... exec(command="python autopieceone/autopieceone.py CharacterName")
Recommendation

Only use it after manually reviewing the GitHub repository, pinning a trusted commit, and avoiding automatic pulls before execution.

Concern, High Confidence
ASI05: Unexpected Code Execution
What this means

The Python script would execute locally with the user's permissions and could affect the desktop environment.

Why it was flagged

Although code execution is needed for this automation, the artifacts provide only instructions and direct the agent to install dependencies and run a Python script whose contents were not supplied for review.

Skill content
pip install pyautogui pyperclip python-dotenv ... exec(command="python autopieceone/autopieceone.py CharacterName")
Recommendation

Run this only in a controlled environment after reviewing the script and dependency versions; prefer a packaged skill with included, pinned code.

What this means

If another window becomes active, automated clicks or typing may affect that window instead of the game.

Why it was flagged

The skill discloses that it uses PyAutoGUI-style desktop control, which is purpose-aligned for game automation but can click or type into the wrong application if focus changes.

Skill content
The script uses system-level mouse control, so the game window must be in the foreground.
Recommendation

Keep the game isolated and in the foreground, monitor the automation while it runs, and know how to trigger the PyAutoGUI failsafe.