v1.2.7

Godot Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

The skill is clearly for Godot editor control, but it installs a persistent gateway extension with broad project-changing commands and an unauthenticated-looking HTTP bridge that users should review before installing.

Guidance: Review the extension before installing, use it only on backed-up or version-controlled Godot projects, and avoid exposing the OpenClaw gateway to untrusted networks or browser origins. Consider requiring explicit approval for scene saves, node deletion, input simulation, and script-reading actions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
extension/index.ts
description: "Execute a tool in the connected Godot Editor. Available tools: scene.getCurrent, scene.list, scene.open, node.find, node.create, node.delete, node.getData, transform.setPosition, debug.tree, debug.screenshot, editor.play, editor.stop, editor.getState, script.list, script.read, resource.list, and more."

The extension exposes a broad generic dispatcher that includes project mutation, deletion, editor control, input, screenshots, and script-reading capabilities, with no allowlist or confirmation behavior shown in the artifact.

User impact: A mistaken or autonomous tool call could modify, delete, save, or inspect parts of a Godot project without an obvious review step.
Recommendation: Use source control/backups, require explicit user confirmation for delete/save/input actions, and restrict the dispatcher to a documented allowlist of safe tools.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
scripts/install-extension.sh
EXTENSION_DST="$HOME/.openclaw/extensions/godot" ... cp -r "$EXTENSION_SRC"/* "$EXTENSION_DST"/

The user-directed install script copies extension code into OpenClaw's extensions directory so it can run in the gateway after restart; this is central to the skill's purpose but is still executable code installation.

User impact: Installing the skill adds gateway code that can register tools and HTTP handlers.
Recommendation: Install only from a trusted source, review the extension files before running the script, and remove the extension if you no longer need Godot control.
Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
### Recommendation: **`true`** ... **Reason:** During Godot development, it's useful for AI to autonomously perform supporting tasks ... **When to use `true`:** For sensitive tools (payments, deletions, message sending, etc.)

The model-invocation guidance is confusing: it recommends the setting that blocks auto-invocation while giving a reason favoring autonomy, and the skill also documents deletion-capable tools.

User impact: A user may misunderstand whether the agent can invoke Godot tools automatically or whether deletion-like operations are protected.
Recommendation: Clarify the recommended invocation setting and consider disabling autonomous invocation for destructive project-changing tools.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
extension/index.ts
setInterval(cleanupStaleSessions, 30000); ... api.registerHttpHandler(handleGodotHttpRequest);

The extension installs persistent gateway behavior: an HTTP handler and recurring cleanup task. This appears purpose-aligned for maintaining Godot sessions, but it remains active beyond a single user request.

User impact: The Godot bridge can continue accepting session traffic while the gateway is running.
Recommendation: Disable or uninstall the extension when not needed, and ensure the gateway is not exposed beyond trusted environments.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
extension/index.ts
res.setHeader("Access-Control-Allow-Origin", "*"); ... case "status": { const activeSessions = Array.from(sessions.values()).map(s => ({ sessionId: s.sessionId, project: s.projectName, version: s.godotVersion, platform: s.platform, ... }));

The HTTP bridge permits any CORS origin and returns session identifiers plus project metadata; the shown handlers do not enforce an authentication check before registering sessions or exposing status.

User impact: If the gateway is reachable by an unintended client, that client may be able to observe session metadata or interfere with the Godot command/result flow.
Recommendation: Bind the bridge only to trusted local interfaces, add authentication or a shared secret for Godot sessions, avoid exposing session IDs through status, and restrict CORS to trusted origins.