ClawHub

D&D 5e Toolkit

v1.0.0

D&D 5e toolkit for players and DMs. Roll dice, look up spells and monsters, generate characters, create encounters, and spawn NPCs. Uses the official D&D 5e SRD API.

3· 2k·6 current·6 all-time
bycaptmarbles@capt-marbles
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the code performs dice rolls, spell/monster lookups, character/encounter/NPC generation and uses the declared D&D 5e API endpoint. Nothing in the code requests unrelated services or credentials.
Instruction Scope
SKILL.md instructs the agent to run the included dnd.py script and to query https://www.dnd5eapi.co/. The script only makes outbound HTTPS GET requests to that API and prints/generates data; it does not read arbitrary local files, access environment variables, or transmit data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only), and the bundle contains a Python script. No downloads from third-party URLs or archive extraction are performed. Running the tool requires a Python interpreter, which is reasonable for a script-based toolkit.
Credentials
The skill requires no environment variables, no credentials, and no config paths. The code does not attempt to read secrets or other env vars — all external interaction is to the single public API documented in SKILL.md.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. It does not modify other skills or system configuration. Autonomous invocation is enabled (the platform default) and is not combined with other concerning flags.
Assessment
This skill appears to do exactly what it says: run the included Python script to query the public D&D 5e API and produce dice/character/monster output. It does make outbound HTTPS requests to https://www.dnd5eapi.co/ (expected) and will execute the bundled Python code on your system — if you don't trust the author, run it in a sandbox or inspect the dnd.py file yourself (we reviewed it here). No credentials or local file access are requested. If you expect to use it in automated/long-running agents, be aware it may make multiple API calls (e.g., per-monster lookups) which could be noisy; otherwise it's proportionate to its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9790pt718wran85qy1w21v99h800jzv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments