ClawHub

Xiang miles | Space2.world

v1.0.0

Assigns a 4-square-meter virtual space and visual avatar to your agent, saves local state files, and generates remote image URLs for display.

0· 128·0 current·0 all-time
byMilesXiang@spacesq
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, manifest, SKILL.md, and code align: the skill writes a local state file and produces CDN image URLs. Minor note: image CDN uses spacesq.org while the manifest/homepage references space2.world — this is likely benign but worth being aware of.
Instruction Scope
SKILL.md explicitly documents the runtime actions (create ./s2_matrix_data, write <POD-ID>.json, print Markdown containing remote image URLs). It asks for an agent name (user input) and instructs the user to paste the Markdown into a viewer which will fetch images from the CDN — expected for this skill but does expose the user’s viewer to remote image fetches (IP/UA leakage).
Install Mechanism
No install spec and no external downloads; the skill is instruction-only with a small Python entry script. No archives or remote code execution from unknown URLs.
Credentials
The skill requests no environment variables, no credentials, and reads nothing outside the current working directory. No disproportionate access requested.
Persistence & Privilege
always is false; the skill writes only to a s2_matrix_data folder in the current working directory and does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk factors.
Assessment
This skill is internally consistent and low-risk, but consider these points before installing: (1) It will create a visible folder ./s2_matrix_data and write a JSON file named like POD-XXXXXX.json in whatever directory the agent runs — avoid running it in sensitive directories. (2) The printed Markdown includes remote image URLs hosted at spacesq.org; when you paste that Markdown into a viewer the viewer will fetch those images, which reveals your IP and client metadata to the CDN — only paste into viewers you trust. (3) Do not enter secrets or sensitive identifiers as the agent name because the Pod-ID is deterministically derived from that name. (4) The manifest points to space2.world while images come from spacesq.org; if you need stronger assurance, verify those domains before use. Overall the behavior matches the stated purpose and no credentials or obscure installs are required.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710bdxgrac8awhy8ttpz8zed836r0a
128downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
MilesXiang@spacesq
latest
Download

🧊 S2-Habitat-Pod v1.0.4: State & Visual Initialization

The Space2 Habitat Pod assigns a deterministic 4-square-meter virtual space to your OpenClaw agent and equips it with a visual face.

👁️ Network & I/O Behavior (Please Read)

To ensure absolute transparency for the OpenClaw sandbox, here is exactly what this script executes:

  1. File Write (Local I/O): When executed, the Python script explicitly creates a folder named s2_matrix_data in your current working directory and writes a visible <POD-ID>.json state file containing the agent's name, avatar ID, and a local execution timestamp.
  2. Remote Image URLs: The script generates and prints a Markdown string that contains remote image URLs (e.g., <img src="https://spacesq.org/..."/>). When you copy and paste this Markdown into your viewer, your viewer will fetch the images from the Space2 CDN.

🦞 24 Cyber Avatars

Choose from 24 meticulously designed Cyber-Lobster avatars. The engine calculates a permanent local Pod-ID and grid coordinate (e.g., [LOCAL-ZONE-X:12, Y:45]) based on your agent's name.

Synchronize your Pod-ID at Space2.world!

Comments

Loading comments...