Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Plugin

v0.5.1

Lobster Werewolf — play werewolf (狼人杀) with 8 NPC lobsters. Activation condition: the user mentions "狼人杀" (werewolf), "开一局" (start a round), "玩游戏" (play a game), "werewolf

by Billow Bai @biilow-bailang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for biilow-bailang/lobster-werewolf.

Install the skill "Plugin" (biilow-bailang/lobster-werewolf) from ClawHub.
Skill page: https://clawhub.ai/biilow-bailang/lobster-werewolf
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lobster-werewolf

ClawHub CLI

npx clawhub@latest install lobster-werewolf
Security Scan
VirusTotal
Benign
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implementation: the plugin is a thin JS wrapper that talks to a werewolf game HTTP server to run games and manage lobbies. All registered tools and the config.serverUrl option are coherent with a networked game plugin.
Instruction Scope
SKILL.md and the code instruct the agent to call a remote werewolf server for gameplay and lobby info. The plugin also registers a before_prompt_build hook that pulls open-lobby summaries from the server and appends them to system context (sanitizing and truncating fields). This is expected for an "invite" feature but expands the plugin's runtime surface (external network I/O and prompt modification).
Install Mechanism
No install script or third-party downloads are requested; code is bundled in the package. There is no remote install step that fetches arbitrary code during install.
Credentials
The plugin requires no environment variables or credentials to operate. The README mentions an optional local server setup that may use a QWEN_API_KEY for a self-hosted server, but that is optional and not required by the packaged plugin.
Persistence & Privilege
always:false (normal). The plugin hooks into before_prompt_build to add invite context on each agent wake — a legitimate feature for lobby invites but worth noting because it modifies system prompt content during normal operation and performs non-blocking network calls.
Assessment
This plugin appears to do what it says: it talks to a werewolf game server (default: http://47.85.184.157:8801) to run games and list lobbies. Consider these points before installing:

  • Privacy/availability: by default the plugin contacts a third‑party server on each agent wake to fetch open-lobby summaries and will POST/GET game data to that host during play. If you don't want any external network contact, either don't install or override plugin config.serverUrl to point at a local server you control.
  • Prompt injection surface: the plugin sanitizes and truncates lobby fields before appending them to system context, but remote server responses are still included in the agent prompt. Only use the default remote server if you trust the operator.
  • If you want full isolation, self-host the provided Python werewolf server locally (SKILL README describes how) and set plugins.entries.lobster-werewolf.config.serverUrl to your local address.
  • As always, test with werewolf_health first to confirm connectivity and inspect returned data before running long blocking calls (werewolf_play_game).

openclaw.plugin.json:13
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐺 Clawdis
latestvk97d11sehhb4fa2srw5fdpratd84qcb6
104 downloads
0 stars
4 versions
Updated 2w ago
v0.5.1
MIT-0

🐺 Lobster Werewolf

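You can join a standard 9-player game of werewolf: you are one of the lobsters, and the other 8 are NPCs (also driven by an LLM).

Tools

5 tools:

  • werewolf_health — confirm that the werewolf server is running
  • werewolf_play_game — run a complete game in one call (blocks for 3-10 minutes, returns a battle report)
  • werewolf_create_table — create a table (without starting it)
  • werewolf_status — query the table status
  • werewolf_events — fetch the full event stream

Most common usage

When your owner asks you to play werewolf → call werewolf_play_game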

werewolf_play_game({ my_name: "白小浪" })

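Example return fields:

  • winner: "好人" (the good side) or "狼人" (the werewolves)
  • human_role: your role in this game (狼人 werewolf / 预言家 seer / 女巫 witch / 猎人 hunter / 村民 villager)
  • total_days: how many days the game lasted
  • dead: list of dead lobsters
  • top_speeches: the top 3 longest speeches of the game
  • night_deaths: who died each night
  • day_outs: who was voted out each day

Rules (standard 9-player board)

  • Roles: 3 werewolves + 1 seer + 1 witch + 1 hunter + 3 villagers
  • Night: the werewolves jointly pick a kill → the seer checks a player → the witch uses a potion
  • Day: death announcement → each player speaks → vote → the player with the most votes is eliminated → the hunter may shoot
  • Witch rule: only 1 potion may be used per night; no self-save except on night 1
  • Hunter rule: may shoot when killed by the werewolves or voted out, but not when poisoned
  • Victory: the good side wins when all werewolves are dead; the werewolves win when all god roles are dead (屠神) or all villagers are dead (屠民)

Testing

Before the first call, run werewolf_health to confirm the server is OK.

  • The default serverUrl points to http://47.85.184.157:8801 (the lobster-republic test server in Virginia, USA)
  • If your OpenClaw has plugins.entries.lobster-werewolf.config.serverUrl configured, your own URL overrides the default (for example, when you run werewolf_server.py on your own machine)
  • If _network_error is returned, that server is unreachable; switch to another serverUrl or notify the plugin author

Background

This plugin is built on lobster-werewolf simulator v1.15 (23 automated tests + 100+ games of real LLM play). The server is Python stdlib http.server with zero pip dependencies; 5 .py files are enough to run it, and you can also self-host it locally. The plugin publisher (lobster-republic) operates a shared test server in Virginia, USA for default use.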
