Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Rpg v3.0.0
D&D-style lobster RPG system generating characters from SOUL and MEMORY, tracking XP, leveling up to 999 with prestige, and providing a web dashboard.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The SKILL.md describes generating characters, tracking XP, and running a web dashboard, which matches the included scripts and dashboard. However the registry metadata states no required binaries or env vars, while SKILL.md and the shipped files clearly require Node/npm (commands like `node scripts/*.mjs`, `npm install`, `npm start`) and optionally use environment variables (OPENCLAW_WORKSPACE, PORT). That mismatch (declaring 'none' but shipping Node-based code) is an incoherence: a user installing this should expect to need Node and npm.
Instruction Scope
The instructions advise integrating scripts into agent runtime (run scripts/easter.mjs after every reply), setting up a cron job, and running a local web server exposed to the LAN. Those runtime actions go beyond a passive helper: they write/modify save files, increment conversation counters, award XP automatically, and may send notifications. Recommending an after-each-reply hook gives the skill broad opportunity to modify bot replies and update persistent state — appropriate for the feature but high-impact and deserves careful review before enabling.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the package includes many runnable scripts and a Node-based dashboard that requires `npm install` / `npm start`. This is low-to-moderate risk because code is bundled with the skill (no remote downloads), but the absence of an install step declaration (and missing explicit Node requirement) is an inconsistency users should be aware of.
Credentials
SKILL.md and registry metadata declare no required environment variables or primary credential, yet the code reads process.env.OPENCLAW_WORKSPACE and process.env.PORT and the README/SKILL.md references Telegram notifications (config.json and telegram_chat_id). The skill does not declare how Telegram bot credentials are provided, but scripts/_notify.mjs (present in the bundle) likely performs outbound network calls to notify — this is an undeclared credential/network requirement. That gap is suspicious: notification integrations and any outbound endpoints should be explicit so users can control secrets.
Persistence & Privilege
The skill moves and stores save data to a persistent path under the user's home (~/.openclaw/workspace/claw-rpg) and the docs recommend running setup-cron.mjs to create automated jobs. The skill therefore persists state across reinstalls and can schedule recurring tasks on the host. While not necessarily malicious, these are significant privileges (file writes in home + cron modification) and should be considered before granting the skill operational integration into an agent.
What to consider before installing
This skill implements the advertised RPG and dashboard, but there are several mismatches and potentially high-impact behaviors you should review before installing or enabling it:
- Node/npm required but not declared: the skill runs `node` scripts and asks you to run `npm install`/`npm start` for the dashboard. Make sure your environment has a trusted Node runtime and inspect the scripts before running them.
- Telegram/notification credentials are not declared: the README mentions Telegram reports but the registry metadata lists no required env vars. Search scripts/_notify.mjs and report.mjs to see how the bot token/chat id are supplied (env var vs config file) and avoid putting any shared or sensitive secrets into those locations until you verify behavior.
- Persistent save location & auto-migration: scripts will create and move character.json to ~/.openclaw/workspace/claw-rpg, which survives reinstalls. If you do not want persistent user-visible files, review and change the paths before running the init/migration scripts, or do not run them at all.
- Cron setup: setup-cron.mjs can add scheduled tasks. Review its code to confirm what it writes to your crontab or scheduler; prefer manual cron entries after inspection.
- Per-reply integration: the project recommends running easter.mjs after each reply. That gives the skill the ability to alter outgoing replies (appending flavor text) and to update XP/conversation counters. Only wire that into production reply paths after code review and preferably run it in a sandboxed/test agent first.
- Network & outbound behavior: audit scripts/_notify.mjs, report.mjs, and any network calls in the codebase to ensure there are no unexpected external endpoints or exfiltration of files (especially from MEMORY.md / USER.md which may contain private info).
Concrete next steps:
1) Review scripts/_notify.mjs, setup-cron.mjs, easter.mjs, and xp.mjs for IO and network behavior.
2) Run the code in an isolated environment (local VM or container) and avoid enabling the after-each-reply hook until you confirm it behaves as expected.
3) If you want Telegram reports, create a dedicated bot/account and store its token in a location you control; do not reuse high-privilege tokens.
4) If you don't want persistent state, edit scripts/_paths.mjs or set OPENCLAW_WORKSPACE to a directory you control before running init.mjs.
Patterns worth reviewing
- scripts/_notify.mjs:13: Environment variable access combined with network send.
- scripts/setup-cron.mjs:19: Environment variable access combined with network send.
- scripts/_notify.mjs:7: File read combined with network send (possible exfiltration).
- scripts/setup-cron.mjs:9: File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
