Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sms Rpg
v1.2.6
Runs the full bundled SMS RPG runtime. Invoke when the user wants complete one-turn chat gameplay after installing the skill from ClawHub.
by @jayshna
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Benign (medium confidence)
Purpose & Capability
Name/description say this runs a bundled Node.js RPG runtime. Required binary (node) and the single required env var (MOONSHOT_API_KEY) are consistent with the code which calls the Moonshot/Kimi API. Optional env vars and license endpoints are documented and used by the bundled runtime. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to run the bundled Node script (dist/dialog_engine.js) and relay its stdout. The runtime intentionally reads local save files and may read a workspace memory.md (if chosen) and send that content to the Moonshot/Kimi API. It also reads environment variables (OPENCLAW_USER, OPENCLAW_SESSION_USER, USER, LOGNAME, HOME, hostname, platform) to derive a local machine fingerprint used for license verification. Those behaviors are documented in SKILL.md and implemented in the code, but they have privacy implications: memory.md contents and the derived fingerprint (even though hashed) are transmitted out-of-process when license validation or generation occurs.
Install Mechanism
There is no network install spec; the package includes compiled dist/ JS and TypeScript sources. No remote downloads or URL-based installers are present in the manifest, so nothing arbitrary will be fetched during install beyond the normal runtime executing node against bundled files.
Credentials
The single required credential (MOONSHOT_API_KEY) is proportionate for contacting the Moonshot/Kimi generation API. The skill also reads several optional environment values (OPENCLAW_*, USER, HOME, etc.) to build a machine fingerprint for license activation; these are not strictly necessary for generation but are justified by the provided license flow. Users should be aware that HOME/USER/hostname/platform values and any memory.md content may be sent externally (the fingerprint is hashed before sending, per code).
Persistence & Privilege
The skill writes and reads local save/config/license files under configurable data directories (SMS_DATA_DIR or standard user-data locations). It does not request always:true, does not modify other skills, and its persistence is limited to its own data paths. Autonomous invocation is enabled by default (normal for skills) but not combined with unusual privileges.
Scan Findings in Context
[system-prompt-override] unexpected: The static pre-scan flagged a system-prompt-override pattern in SKILL.md. The SKILL.md contains YAML metadata and runtime instructions; this pattern may be a false positive from the registry scanner. Nevertheless, because SKILL.md is the runtime instruction the agent follows, any attempt to embed directives that could alter the assistant/system prompt deserves scrutiny. Review SKILL.md (already included) for unintended or malicious directive text; in the provided content the instructions are operational (run the bundled node script) rather than clearly attempting to override the model, but the finding should be treated as a caution.
Assessment
This skill bundles a full Node.js game runtime that will call the remote Moonshot/Kimi API using the MOONSHOT_API_KEY and may contact an optional license verification endpoint. Before installing:
1) Only provide an API key you trust for LLM generation (consider a key with minimal scope or a dedicated account).
2) Be aware the runtime can read workspace files (memory.md) and local saves and will send chosen file text to the model — do not include secrets in those files.
3) The runtime collects env values (HOME, USER, hostname, platform) to derive a machine fingerprint which can be sent (hashed) to the license endpoint — if you’re concerned about telemetry, leave the license URL unset or run in an isolated environment.
4) Inspect kimi_client.ts and license_service.ts (included) to verify exact endpoints used and whether you trust them.
5) If you want to limit risk, run the dist/ script in a sandbox or container, or avoid enabling the license/unlock features that send machine-identifying data.
If you need more assurance, provide the missing details (contents of kimi_client.ts and license_service.ts endpoints) so I can re-evaluate with higher confidence.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
code/kimi_client.ts:180: Environment variable access combined with network send.
code/license_service.ts:51: Environment variable access combined with network send.
dist/kimi_client.js:146: Environment variable access combined with network send.
dist/license_service.js:20: Environment variable access combined with network send.
code/kimi_client.ts:1: File read combined with network send (possible exfiltration).
code/license_service.ts:1: File read combined with network send (possible exfiltration).
dist/kimi_client.js:25: File read combined with network send (possible exfiltration).
dist/license_service.js:56: File read combined with network send (possible exfiltration).
Runtime requirements
🎮 Clawdis
Bins: node
Env: MOONSHOT_API_KEY
Primary env: MOONSHOT_API_KEY
