3D Game Builder
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently builds browser-based 3D games, but users should notice it can run shell commands, overwrite its temporary game workspace, store progress state, and embed supplied assets.
This looks appropriate for generating local Three.js games. Before installing, be comfortable with the agent using shell/file tools in its build workspace, replacing prior temporary game files, storing progress in /tmp/game-build/progress.md, and embedding any supplied image assets into the final HTML.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent has enough local tooling authority to run shell commands and modify files within the session.
The skill grants unrestricted Bash access along with file read/write tools. This is useful for building and serving a local game, but it is broader than the specific commands shown.
allowed-tools: Bash(*), Write, Read, Edit, Glob, Grep
Use it for game-building tasks you trust, and review generated files or shell actions if your agent shows them before execution.
Starting a new game may remove the previous generated game state in the temporary build folder.
The skill intentionally replaces prior generated game files when starting a new game. The surrounding instructions point to /tmp/game-build, so this appears scoped and purpose-aligned.
→ Delete old files, proceed to **Phase 1** as a fresh build.
Copy or save any generated game you want to keep before asking for a completely new game.
Future edits may be based on whatever is stored in progress.md, including outdated or manually changed information.
The skill uses a persistent progress file as context for future invocations, which is appropriate for iterative development but means saved state can influence later behavior.
Read `progress.md` to understand what game currently exists... always update `progress.md` with an entry in the Iteration History section.
Avoid putting sensitive information in game descriptions, and clear /tmp/game-build/progress.md if you want a fresh state.
Any private image used as a texture may become part of the game file and be shared if the HTML is shared.
The skill may include provided image assets directly inside the generated HTML file. This is expected for a self-contained browser game, but it can retain private images in the output.
If the user provides actual texture images, embed them as base64 data URIs in the HTML
Only provide reference or texture images that you are comfortable embedding in the generated game.
The generated game may require network access to jsDelivr and depends on the CDN serving the expected library.
The generated game pattern imports Three.js from a public CDN. The version is pinned and this is normal for browser demos, but the output depends on that external source at runtime.
"three": "https://cdn.jsdelivr.net/npm/three@0.160.0/build/three.module.js"
For offline or production use, consider vendoring the Three.js files locally or reviewing the CDN dependency.