ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CraftClose

v0.1.0

AI-powered Minecraft server monitoring with crash detection, auto-restart, and smart alerts. Use when: monitoring Minecraft servers, diagnosing crashes, sett...

0· 100·0 current·0 all-time
byBejie Paulo Aclao@ginhooser-cyber

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ginhooser-cyber/craftclose.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "CraftClose" (ginhooser-cyber/craftclose) from ClawHub.
Skill page: https://clawhub.ai/ginhooser-cyber/craftclose
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: craftclose
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install craftclose

ClawHub CLI

Package manager switcher

npx clawhub@latest install craftclose
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binary 'craftclose', and the npm install spec are coherent for a Minecraft monitoring CLI. The skill declares the craftclose CLI as required and the install uses the craftclose npm package — reasonable for the stated purpose. Minor mismatch: SKILL.md explicitly references a Gemini API key in examples but the registry metadata does not declare a primaryEnv or required envs (so the skill's metadata is incomplete/underspecified).
Instruction Scope
SKILL.md contains concrete CLI usage and config examples for monitoring, crash analysis, and management (SSH, RCON, Pterodactyl). The instructions do not themselves instruct arbitrary file exfiltration, but configuration examples include sensitive paths and secrets (e.g., ~/.ssh/id_rsa, rcon password, pterodactyl api_key, telegram bot_token, GEMINI_API_KEY). Running the CLI with such config will cause the tool to read local keys, connect to remote services, and access server logs — expected for the purpose, but the guidance does not explicitly warn about secure handling of these secrets or where the tool sends AI analysis results (it names Gemini but doesn't define how data is transmitted/stored).
Install Mechanism
Install uses npm (npm install -g craftclose) to provide the craftclose binary — an expected and traceable mechanism for a Node.js CLI. This is moderate-risk in general (you must trust the npm package source) but is proportional to the functionality and consistent with the skill's purpose. No downloads from arbitrary URLs or archive extraction are specified.
!
Credentials
The skill metadata lists no required env vars, yet the SKILL.md config/example expects multiple sensitive secrets (GEMINI_API_KEY, RCON password, Pterodactyl api_key, Telegram bot_token, Discord webhook, and SSH key path). Those credentials are necessary for full functionality but are not declared in the skill metadata's requires/primaryEnv fields. This lack of declaration obscures the credential surface and prevents upfront review of what secrets will be used. That mismatch is a security concern.
!
Persistence & Privilege
The skill is not always-on and is user-invocable (normal), but it is designed to run continuous monitoring and to perform management actions (auto-restart via SSH/RCON/Pterodactyl). If invoked autonomously or run with supplied credentials, it can perform stateful actions on servers and create local state (SQLite history). Combined with the missing declaration of sensitive env vars, this increases the potential blast radius and warrants caution before granting credentials or allowing autonomous runs.
What to consider before installing
This skill appears to be what it says (a CLI monitor) but the runtime instructions expect many sensitive credentials that are not declared in the skill metadata. Before installing or running: (1) inspect the craftclose npm package and its source (verify publisher, review package code) to ensure it handles secrets and remote connections safely; (2) do not paste secrets into shared prompts — prefer environment variables or restricted config files with tight filesystem permissions; (3) if possible run the CLI in a sandbox or test environment first (use least-privilege API keys, limit Pterodactyl API scope, rotate keys after testing); (4) confirm where AI analysis data is sent/stored (Gemini provider) and whether logs or crash dumps containing sensitive data are transmitted; (5) only allow autonomous invocation if you trust the package and have restricted credentials — otherwise run it manually.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔧 Clawdis
Binscraftclose

Install

Install CraftClose CLI (npm)
Bins: craftclose
npm i -g craftclose
latestvk970ahwqcjamhhbgyvx82cxphd83bav0
100downloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
Bejie Paulo Aclao@ginhooser-cyber
latest
Download

CraftClose — AI Minecraft Server Monitor

AI-powered Minecraft server monitoring — crash detection, auto-restart, and smart alerts.

When to Use

USE this skill when:

  • Monitoring a Minecraft server's health (TPS, players, uptime)
  • Diagnosing crashes or performance issues
  • Setting up auto-restart on crash detection
  • Configuring Telegram bot or Discord webhook alerts
  • Analyzing server logs with AI (Gemini)
  • Managing servers via Pterodactyl panel
  • Checking plugin conflicts or config issues

When NOT to Use

DON'T use this skill when:

  • Bedrock-only servers (Java/Paper servers only)
  • Non-Minecraft game servers
  • Web application monitoring
  • Network diagnostics unrelated to Minecraft

Install

npm install -g craftclose

Setup

# Copy example config
craftclose init

# Or manually create craftclose.yml
cp node_modules/craftclose/craftclose.example.yml ./craftclose.yml

Config (craftclose.yml)

servers:
  - name: my-server
    host: 127.0.0.1
    connections:
      ssh:
        port: 22
        username: minecraft
        key_path: ~/.ssh/id_rsa
      rcon:
        port: 25575
        password: changeme
      pterodactyl:
        panel_url: https://panel.example.com
        api_key: ptlc_xxxxx
        server_id: abc123

monitoring:
  interval: 60
  auto_restart: true
  max_restarts: 3
  restart_window: 300

alerts:
  telegram:
    bot_token: "123456:ABC..."
    chat_id: "-100123456"
  discord:
    webhook_url: "https://discord.com/api/webhooks/..."

ai:
  provider: gemini
  api_key: ${GEMINI_API_KEY}

CLI Commands

# Test all connections
craftclose test

# Check server status
craftclose status

# Start continuous monitoring
craftclose monitor

# View crash/event history
craftclose history

# AI-powered crash analysis
craftclose analyze

# Config optimization suggestions
craftclose optimize

# Check plugin conflicts
craftclose conflicts

# Pterodactyl panel operations
craftclose panel status
craftclose panel restart
craftclose panel console "say Hello"

Key Features

FeatureDescription
Crash Detection20+ built-in patterns (OOM, plugin errors, world corruption, etc.)
Auto-RestartConfigurable restart on crash with rate limiting
AI AnalysisBYOK Gemini for deep crash analysis and optimization
3 ConnectionsSSH, RCON, Pterodactyl — use any combo
AlertsTelegram bot + Discord webhook notifications
HistoryTPS and player count stored in local SQLite
Security6-layer sandbox (path jail, RCON filter, input sanitizer, audit log, action allowlist, confirmation gate)

OpenClaw Integration

CraftClose is also an OpenClaw skill. When installed globally, OpenClaw can use it to monitor and manage Minecraft servers through natural language.

Links

Comments

Loading comments...