Unity Plugin

Advisory. Audited by static analysis on May 4, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe Unity actions require explicit requests even though the published configuration allows the agent to call the Unity tool without direct user invocation.

Why it was flagged

The skill makes a prominent safety claim that the AI will not automatically invoke tools, but the provided registry metadata says disable-model-invocation is false, meaning the agent can invoke the tool autonomously.

Skill content

disableModelInvocation: true ... The AI does not automatically invoke tools ... Only tasks the user explicitly requests are executed

Recommendation

Verify the actual installed invocation setting before use, and keep autonomous invocation disabled unless you are comfortable with the agent controlling your Unity project.

What this means

If invoked unintentionally or with bad arguments, the agent can queue broad Unity operations against the connected editor session.

Why it was flagged

A single generic dispatcher forwards arbitrary tool names and parameters to Unity, with no visible allowlist, per-command approval, or risk gating in the extension code.

Skill content

name: "unity_execute" ... tool: { type: "string" ... } ... parameters: { type: "object" ... } ... session.pendingCommands.push({ tool, arguments: parameters || {}

Recommendation

Use this only on backed-up or disposable projects, require confirmation for destructive operations, and consider adding allowlists or approval checks for delete, package, save, and script tools.

What this means

The agent may be able to run project methods, change editor/game state, or trigger project code paths that have side effects.

Why it was flagged

The documented Unity tool includes a script execution path with reflection-based method calls, which is a powerful escape-hatch capability inside the Unity project.

Skill content

script.execute ... Supports Debug.Log, Time, PlayerPrefs, and **reflection-based method calls** ... "code": "Debug.Log(\"Hello\")"

Recommendation

Treat script.execute as high risk; use explicit user approval, restrict what methods can be called, and avoid enabling it on production or sensitive projects.

What this means

Depending on how the gateway is exposed, another local or reachable client could discover session IDs, observe queued Unity commands, or inject fake command results.

Why it was flagged

The bridge exposes session status, polling, and result submission over HTTP using session IDs, while the provided handler shows wildcard CORS and no authentication or origin checks.

Skill content

res.setHeader("Access-Control-Allow-Origin", "*"); ... case "status": ... sessionId ... case "poll": ... url.searchParams.get("sessionId") ... case "result": ... const { sessionId, toolCallId, result } = body

Recommendation

Bind the bridge to localhost where possible, add authentication or shared-secret checks, avoid wildcard CORS, and do not expose the gateway to untrusted networks.

What this means

The gateway extension remains installed and can continue exposing the Unity bridge after setup until removed or disabled.

Why it was flagged

The setup script installs the included extension into OpenClaw's persistent extensions directory; this is disclosed and purpose-aligned, but users should notice that it changes gateway behavior.

Skill content

EXTENSION_DST="$HOME/.openclaw/extensions/unity" ... cp -r "$EXTENSION_SRC"/* "$EXTENSION_DST"/

Recommendation

Review the extension source before installing, install only from a trusted copy, and remove the extension when you no longer need Unity control.