Hytale Server
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: hytale Version: 1.0.0 The skill bundle is designed to manage a local Hytale dedicated server. The `SKILL.md` provides clear instructions for setup and commands, without any prompt injection attempts. The `hytale.sh` script performs standard server management tasks like starting, stopping, updating, and checking status using `screen` and `java`. It expects the user to provide the `hytale-downloader` binary and credentials, interacting with them in a manner consistent with the stated purpose. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation. All actions are directly related to managing the Hytale server within the user's home directory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You will be trusting the downloaded Hytale downloader binary to update server files.
The skill depends on an external executable that is not included in the reviewed files and is not pinned by checksum or signature, though the dependency is disclosed and purpose-aligned.
Get the zip from: `https://downloader.hytale.com/hytale-downloader.zip` ... place `hytale-downloader-linux-amd64` in `~/hytale_server/`.
Download the downloader only from the stated official source and verify it if Hytale provides checksums or signatures.
Running `hytale update` executes the local Hytale downloader in `~/hytale_server`.
The update command marks the downloader executable and runs it. This is central to the skill's stated update function, but it executes code outside the skill package.
chmod +x "$DOWNLOADER"
"$DOWNLOADER" -download-path "$SERVER_DIR" $CRED_ARGMake sure the downloader file in `~/hytale_server` is the official one you intended to run before using the update command.
Your Hytale downloader credentials may be used by the updater command.
The script passes a user-provided credentials file to the downloader when present. This credential use is disclosed in SKILL.md and appears aligned with downloading server files.
if [ -f "hytale-downloader-credentials.json" ]; then
CRED_ARG="-credentials-path hytale-downloader-credentials.json"
fiStore only the intended Hytale downloader credentials in `~/hytale_server/hytale-downloader-credentials.json` and avoid sharing that directory.
The server can keep running in the background until it is stopped.
The start command launches the server in a detached screen session, so it continues running after the command returns. This is disclosed and expected for a local game server.
screen -dmS "$SCREEN_NAME" java -Xmx4G -jar "$JAR_NAME"
Use the provided stop command when you no longer want the server running, and monitor resource usage if needed.