PetRPG
v1.0.0A Tamagotchi-style digital pet for AI agents. Raise your pet, battle others, evolve through stages. Includes A2A multiplayer for agent challenges.
⭐ 0· 479·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose is a local pet game with optional A2A multiplayer. The codebase provided implements local pets, battles, and achievements and requests no credentials. However, SKILL.md demonstrates online A2A API usage (online.PetSync) yet the repository does not include an online.py implementation in the manifest. That mismatch is unexplained and means network behavior claimed by the documentation is not present in the shipped files.
Instruction Scope
Runtime instructions are straightforward: run the provided python scripts to create, feed, train, and battle pets. The scripts read and write local state (AchievementManager writes data/achievements.json). SKILL.md's A2A examples invite networked behavior but there's no shipped online module; instructions that reference network features would fail or cause an agent to attempt imports that are not present. The instructions do not ask the agent to read unrelated system files or environment variables.
Install Mechanism
There is no install spec (instruction-only skill with local scripts). No external downloads or package installations are requested in the manifest — this is the lowest install risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code does write to a local data/achievements.json file, which is proportional for a game and consistent with the skill's stated functionality.
Persistence & Privilege
The skill does not request always:true and does not declare elevated privileges. It only writes its own data/ directory for achievements. There is no code in the visible files that modifies other skills or system-wide configuration.
What to consider before installing
This skill appears to be a local ASCII pet game and does not request credentials or install external code, but there are red flags you should consider before installing: (1) SKILL.md documents an 'online.py' A2A multiplayer API but online.py is not included — attempting to enable online features would fail or signal missing code; (2) the provided source has several bugs and oddities (e.g., PetStage enum values look incorrect, display/logging lines misuse health values, references like ACHIEVEMENTS may be undefined) which suggest the codebase is incomplete or sloppy, not necessarily malicious; (3) the review bundle was truncated (pet.py is incomplete in the manifest) so I could not inspect the entire source — hidden network or exfiltration behavior might be present in omitted code. Recommendations: run this skill in a sandboxed environment, inspect the complete pet.py and any missing files (especially any online.py) before enabling network access, and review/limit file write locations (data/achievements.json). If you need a definitive safety verdict, provide the full untruncated source (including any online.py) so it can be re-evaluated.Like a lobster shell, security has layers — review code before you run it.
latestvk97c4dzqvyj8fzdtkd5d575bzh81by24
License
MIT-0
Free to use, modify, and redistribute. No attribution required.