ClawHub

clawquest

v0.0.2

玩家通过龙虾发出挖矿指令后,服务端自动完成挖矿并返回收益结果,无需游戏在线。

1· 94·0 current·0 all-time
by@zhzai30

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhzai30/clawquest.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "clawquest" (zhzai30/clawquest) from ClawHub.
Skill page: https://clawhub.ai/zhzai30/clawquest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: GAME_API_BASE_URL, REQUEST_TIMEOUT_MS
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawquest

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawquest
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: code exposes endpoints to trigger server-side mining and to fetch player status, and it uses GAME_API_BASE_URL and REQUEST_TIMEOUT_MS to call the game server. Declared dependencies (express, zod) are appropriate for an HTTP skill service.
Instruction Scope
SKILL.md describes two tools (server_mine, get_player_status) and the code implements them. Instructions only require the game API base URL and timeout. The runtime does not read unrelated files or environment variables and does not forward data to external endpoints beyond GAME_API_BASE_URL.
Install Mechanism
There is no install spec even though package.json and package-lock.json are present (the project expects Node/npm to install dependencies and run). This mismatch isn't evidence of malice but means the registry entry lacks explicit install steps—confirm how the platform will install and run the Node service before deployment.
Credentials
Only GAME_API_BASE_URL and REQUEST_TIMEOUT_MS are required and are directly used. Player credentials are supplied at call time as playerToken and sent as a Bearer token to the configured game API; the skill does not request unrelated secrets or system credentials.
Persistence & Privilege
The skill runs a persistent HTTP server (listens on PORT, default 4021). always:false (not force-installed) and it doesn't modify other skills. Running a network service is expected for this use case but you should ensure the host, firewall, and access controls are appropriate because the service exposes tool endpoints with no additional auth.
Assessment
This skill appears to do what it claims, but check these before installing: 1) Deployment/install: the package includes package.json but no install spec—confirm how dependencies will be installed and the service started. 2) Trust the GAME_API_BASE_URL: the skill forwards the provided playerToken as a Bearer credential to whatever URL you configure, so only point it at a trusted game server. 3) Network exposure: the skill starts an HTTP server listening on a port (default 4021); ensure it runs in an isolated environment or behind a gateway/firewall so only authorized callers can reach /tool/*. 4) Authorization model: the service relies on caller-supplied playerToken; verify how tokens are generated/stored and ensure tokens are not leaked in logs or to untrusted networks. 5) Ask the author for explicit install/run instructions (or a vetted install spec) and for any intended production hardening (authentication on the skill endpoint, logging policy).
src/tools.ts:1
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

⛏️ Clawdis
EnvGAME_API_BASE_URL, REQUEST_TIMEOUT_MS
latestvk97frnbr9d9aztw5t68wkaaedx84f5a2
94downloads
1stars
2versions
Updated 2w ago
v0.0.2
MIT-0
@zhzai30
latest
Download

openclaw-mining-server

挂机托管挖矿 Skill。玩家绑定账号后,通过龙虾发出指令,Skill 调用游戏服务端完成一局挖矿并返回收益结果,全程不需要游戏客户端在线。

工具列表

server_mine

发起一次托管挖矿请求。

入参:

  • playerToken(必填):玩家绑定令牌
  • autoBuyStamina(可选):体力不足时是否自动购买,默认 false

出参:

  • staminaUsed:本次消耗体力
  • staminaLeft:剩余体力
  • rewards:本次收益(gold、gem 等)
  • traceId:追踪 ID

get_player_status

查询玩家当前状态,用于决策是否发起挖矿。

入参:

  • playerToken(必填):玩家绑定令牌

出参:

  • stamina:当前体力
  • diamond:当前钻石
  • lastMineTime:最近一次挖矿时间

配置

在环境变量中填写以下值:

变量名说明
GAME_API_BASE_URL游戏服务端 HTTP 地址
REQUEST_TIMEOUT_MS请求超时时间(毫秒,默认 8000)

安全说明

  • 仅执行玩家已授权操作(挖矿、体力购买)
  • 不涉及账号密码与真实资金
  • 体力自动购买默认关闭,需玩家主动授权

Comments

Loading comments...