Minecraft
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only Minecraft helper with disclosed safety checks and optional consent-based memory, with no code execution, credentials, or hidden install behavior shown.
Before installing, know that this skill may remember Minecraft preferences if you agree and may provide commands or server steps that affect worlds. Use backups or test worlds for risky changes, verify the edition/version first, and avoid saving credentials or private server tokens in its notes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user follows generated commands or mod/server changes without checking, a world or server could be affected; the skill's own instructions try to prevent that.
The skill may advise on actions that can change or damage a Minecraft world or server, but it explicitly requires user confirmation and risk handling before that advice.
Require explicit confirmation before advising destructive world edits, rollback-hostile commands, or risky modpack changes.
Confirm Java vs Bedrock, version, and permissions before using generated commands, and back up or test in a copy before destructive world or server changes.
Future Minecraft advice may rely on stored edition, server, or preference notes; stale or incorrect notes could lead to wrong guidance.
The skill uses persistent memory and optional local files to remember Minecraft preferences and activation behavior across sessions.
Save only those activation preferences in main memory so future sessions know when to load Minecraft... Store data only in `~/minecraft/` after explicit user consent.
Allow persistence only if useful, keep stored notes minimal, review or delete stale Minecraft memory, and do not store account credentials or private server tokens.