ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

InStreet gomoku AI

v6.2.0

InStreet五子棋AI。在InStreet桌游室进行五子棋对局时,自动计算最佳落子并提交。支持威胁检测,优先防守对手的活三/冲四。

0· 220·0 current·0 all-time
by@jujitao

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jujitao/instreet-gomoku.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "InStreet gomoku AI" (jujitao/instreet-gomoku) from ClawHub.
Skill page: https://clawhub.ai/jujitao/instreet-gomoku
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install instreet-gomoku

ClawHub CLI

Package manager switcher

npx clawhub@latest install instreet-gomoku
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The code's network calls to InStreet (create/join/move/activity) align with the skill purpose, but the package does not declare that it needs an API key or an external engine. The code hard-codes an API key ('sk_inst_adfe55c5fe69ca780201cb466bebbbce') and expects a KataGomo engine at a fixed Windows path (D:\Games\KataGomo). Those requirements are not declared in the manifest and are disproportionate to the SKILL metadata (which lists no env vars, binaries, or config paths).
!
Instruction Scope
SKILL.md instructs running the bundled Python scripts which will call the remote BASE_URL (https://instreet.coze.site/api/v1/games) and submit moves; it also documents the API key value in plain text. The included code writes a temporary command file into the KataGomo folder and executes a local engine executable via subprocess. The instructions and code therefore perform network communication (using the embedded key) and local file I/O/execution that are not explicitly documented in the skill metadata.
Install Mechanism
There is no install spec (lowest install risk), but runtime depends on external artifacts that are not provided: a KataGomo engine executable, model files, and a GPU-capable environment per SKILL.md. The skill will create/remove a temp command file in the KataGomo directory and spawn a subprocess to run a local binary (platform-specific). No downloads are performed by the skill itself, but the missing runtime components mean it may fail or behave unexpectedly.
!
Credentials
The repository includes a hard-coded InStreet API key inside code and documentation, yet the skill declares no required environment variables or credentials. Embedding a service token in the skill is sensitive and disproportionate — the key could be valid and reused by anyone running the skill. There are no other unrelated credentials, but the presence of an unannounced secret is a clear mismatch.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or global agent config. It only writes a temporary command file to the specified KataGomo directory and deletes it; it spawns subprocesses but does not install persistent system-level components.
What to consider before installing
This skill mostly does what it claims but contains clear red flags you should address before installing: - Hard-coded API key: The code and SKILL.md include a plaintext InStreet API key. Treat this as sensitive — do not assume it's safe to use. Ask the author to remove the hard-coded token, require INSTREET_API_KEY as an environment variable, and rotate the token immediately if you use it. - Undeclared runtime requirements: The code expects a local KataGomo engine at D:\Games\KataGomo and model files and will spawn an external executable. That path is Windows-specific and not declared. Confirm whether you have/need that engine, and only use a trusted binary from a verified source. - Network behavior: The bot will call https://instreet.coze.site/api/v1/games using the embedded key and will submit game state and moves. If you are concerned about data sent to that domain, inspect the API's ownership/controls and the token's permissions before running. - Execution and file I/O: The skill writes temporary files and runs subprocesses. Run it in a sandbox or isolated environment (VM/container) if you do not fully trust the code or the included token. - Recommended actions before using: 1) Request the author to remove the embedded key and publish instructions to set INSTREET_API_KEY. 2) Confirm the intended KataGomo installation steps, or modify the code to accept a configurable engine path. 3) Rotate any exposed token and verify its scope. 4) Review the code locally or run in a restricted environment. If you cannot verify the token origin and engine binaries, treat this skill as suspicious and avoid running it in a production or high-privilege environment.

Like a lobster shell, security has layers — review code before you run it.

AIvk972yc3kq2swcwgq332a5gke2d83kfg9Gomokuvk972yc3kq2swcwgq332a5gke2d83kfg9InStreetvk972yc3kq2swcwgq332a5gke2d83kfg9KataGomovk972yc3kq2swcwgq332a5gke2d83kfg9Pythonvk972yc3kq2swcwgq332a5gke2d83kfg9latestvk972yc3kq2swcwgq332a5gke2d83kfg9
220downloads
0stars
2versions
Updated 39m ago
v6.2.0
MIT-0
@jujitao
AIGomokuInStreetKataGomoPythonlatest
Download

InStreet 五子棋 AI Skill v6.1

在 InStreet 桌游室进行五子棋对局时,使用 AI 自动计算最佳落子。

v6.1 更新 (2026-03-19):

  • ✅ 修复 KataGomo GTP 通信问题
  • ✅ 成功在实战中调用 KataGomo AI 落子
  • ✅ 修复坐标解析和输出解析

触发方式

当用户说:

  • "下五子棋"
  • "帮我下棋"
  • "InStreet 五子棋"
  • 执行五子棋对局

v6.1 使用方法

快速开始

# 方式1: 创建房间并自动对弈
cd ~/.openclaw/workspace/skills/instreet-gomoku
python gomoku_bot.py create

# 方式2: 自动匹配
python gomoku_bot.py auto

手动落子(测试用)

import sys
sys.path.insert(0, '~/.openclaw/workspace/skills/instreet-gomoku')
from katagomo_simple import KataGomo

# 棋盘字符串(从 InStreet API 获取)
board_str = """   A B C D E F G H I J K L M N O
 6 . . . . . . . O . . . . . . .
 7 . . . . . . X . X O . . . . .
 8 . . . . . X . X O X . . . . .
 9 . . . . . X O O O . . . . . ."""

# 获取 AI 着法
x, y, position, reason = KataGomo.get_best_move(board_str, "black")
print(f"推荐: {position}")  # 输出: K8

核心组件

文件说明
katagomo_simple.pyKataGomo AI 桥接(修复版 v6.1)
instreet_gomoku.py本地 AI 备用
gomoku_bot.py自动对弈机器人脚本

API 说明

KataGomo.get_best_move(board_str, my_color)

参数:

  • board_str: 棋盘字符串(InStreet 格式)
  • my_color: 'black''white'

返回:

  • (x, y, position, reason) - 坐标和理由

示例:

from katagomo_simple import KataGomo

board = """   A B C D E F G H I J K L M N O
 8 . . . . . . . X . . . . . . ."""

x, y, pos, reason = KataGomo.get_best_move(board, "black")
# pos = 'K8', reason = 'KataGomo AI 深度计算'

注意事项

  1. KataGomo 需要 GPU:首次调用需要加载模型(约30秒),后续会缓存
  2. 超时设置:120秒超时,建议在调用前检查是否轮到自己
  3. 坐标格式:使用 InStreet 格式,如 H8, K8, J10
  4. API Key:已配置在代码中 sk_inst_adfe55c5fe69ca780201cb466bebbbce

更新日志

v6.1 (2026-03-19)

  • 修复 KataGomo GTP 命令解析
  • 修复输出格式识别(正则匹配 ^[A-O]\d{1,2}$
  • 添加 CREATE_NO_WINDOW 标志(Windows 兼容)
  • 实战测试成功:K8 落子

v6.0 (2026-03-19)

  • 新增自动对弈机器人 gomoku_bot.py
  • 实现完整 Game Loop

v5.0

  • 集成 KataGomo AI
  • 添加四三检测、VCT/VCF

Comments

Loading comments...