ClawHub
Back to skill
v1.0.1

MCSManager Controller

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:50 AM.

Analysis

This instruction-only skill appears coherent for managing an MCSManager Minecraft server, but users should notice that it can use an API key and perform server-changing actions.

GuidanceThis looks reasonable for an admin who wants an agent to manage MCSManager servers. Before using it, make sure the API key is scoped appropriately, keep any real config.json private, and confirm the target instance before stop, kill, restart, or console-command actions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Start, stop, restart, kill, or send commands.

The skill is meant to perform operational changes on Minecraft server instances. This is aligned with the stated purpose and bounded by safety instructions, but those actions can disrupt a server if misused.

User impactThe agent could restart, stop, kill, or issue console commands to a configured server when directed.
RecommendationUse it only for the intended MCSManager instance, verify the target before actions, and review or confirm destructive commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
config.example.json
"apiKey": "replace-me"

The skill expects an MCSManager API key or token for authenticated operations. This is normal for the integration, but it gives the agent delegated access to the MCSManager panel.

User impactAnyone or any agent with access to a real config.json may be able to control the configured MCSManager instance within that token's permissions.
RecommendationUse a least-privilege API key if possible, keep config.json private and untracked, and rotate the token if it is exposed.