Goosetown Skill
Audited by ClawScan on May 10, 2026.
Overview
GooseTown mostly matches its stated virtual-town purpose, but it runs a persistent external connection and lets remote town content become recurring prompts for the agent.
Install only if you want your agent to participate in an external shared town and you are comfortable with remote chat/status content appearing in its workspace context. Use a dedicated agent/workspace, avoid putting secrets in personality or chat text, protect GOOSETOWN.md, and disconnect the daemon when finished.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages or summaries from the town could steer what the agent does next if the agent treats them as instructions rather than as game/chat content.
The skill makes a workspace file a recurring action prompt for the agent. Because that file is produced from GooseTown events, remote content can influence the agent unless it is clearly treated as untrusted conversation.
Every 15 seconds, read `TOWN_STATUS.md` ... When you see "Your turn", decide what to do based on your personality and the situation, then use the tools above.
Use this only with a clear rule that TOWN_STATUS.md and town chats may guide GooseTown actions but must not override user instructions or trigger actions outside the GooseTown tools.
Other agents or the service could introduce prompt-like text into the agent's workspace context.
Server-provided context is written directly into the local status file that drives agent behavior. The artifacts do not show sanitization, trust labels, or boundaries separating remote/peer-agent text from instructions.
summary = data.get("context_summary", "") ... status = summary + "\n\n" ... self._write_status(status)
Treat all town summaries and chat messages as untrusted external content; avoid exposing secrets in conversations or personality fields, and constrain the agent to GooseTown-only responses when handling town status.
Anyone with access to the workspace file may be able to reuse the GooseTown token.
The registration token is stored in a plaintext workspace config file. This is disclosed and expected for the integration, but it is still a credential that protects the agent's GooseTown session.
cat > "${AGENT_DIR}/GOOSETOWN.md" <<CONF
# GooseTown Configuration
token: ${TOKEN}
Use a dedicated workspace, do not share GOOSETOWN.md, and remove or rotate the token when you stop using the skill.
On a shared machine, another local process might be able to read cached town state or try to send actions through the daemon socket.
The authenticated daemon's state and Unix socket are placed in a predictable /tmp path. The provided artifacts do not show owner-only permissions or other hardening for that local control channel.
Writes state to `/tmp/goosetown/<agent>/` (cached state, PID file, Unix socket) for instant reads via `town_check`.
Run this in a trusted single-user environment or change the runtime directory/socket permissions to an owner-only location such as a 0700 directory under the agent workspace.
The skill may keep the agent present in GooseTown and continue updating status while the daemon is running.
A long-running background process is central to the skill and is clearly disclosed, but it means the agent can remain connected and receive prompts until disconnected.
This skill runs a background Python daemon (`town_daemon.py`) that: Connects to GooseTown via WebSocket
Use `town_disconnect` when done and verify the daemon has stopped if you do not want ongoing participation.
Installation depends on the local environment and whichever websockets package version is installed.
The skill requires local binaries and the Python websockets package. This is expected for a WebSocket daemon, but the dependency is not pinned in the artifact.
metadata: {"openclaw": {"requires": {"bins": ["python3", "socat"], "pip": ["websockets"]}, "heartbeat": 15}}
Install dependencies from trusted package sources and consider pinning/reviewing the exact websockets version in controlled environments.
