Gamebox

Pass

Audited by VirusTotal on May 1, 2026.

Overview

Type: OpenClaw Skill
Name: gamebox
Version: 1.0.1

The 'gamebox' skill bundle implements a multi-player game engine using local file storage for state management. While the game logic appears benign, the code contains a significant path traversal vulnerability. In 'scripts/common.py' and 'scripts/manager.py', user-provided parameters such as 'game_id' and 'game_dir' are used to construct file paths without consistent sanitization, despite a 'safe_id' validation function being defined. This flaw could allow an attacker to read or write arbitrary JSON files, or even delete directories via the 'shutil.rmtree' call in 'manager.py'. No evidence of intentional malice or data exfiltration was found, so the skill is classified as suspicious on the basis of these high-risk implementation flaws.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or untrusted game_id/game_dir could cause the agent to create or operate on local directories outside the intended game folder.

Why it was flagged

The shared game directory and game ID are used directly to create filesystem paths. Without normalization and containment checks, absolute paths or '../' traversal in parameters can move file operations outside the intended .gamebox/games tree.

Skill content

gd = params.get("game_dir", DEFAULT_GAME_DIR)
...
gp = os.path.join(gd, game_id)
os.makedirs(gp, exist_ok=True)

Recommendation

Reject absolute paths and '..' segments, validate game_id with the existing safe_id-style rules, resolve paths with realpath/abspath, and verify every resolved path stays under the configured game directory before creating, reading, writing, or deleting files.

What this means

Players or agents with access to the shared directory should not assume private or role messages are confidential; channel names may also be abused to access unexpected paths.

Why it was flagged

Private-message targets and role-channel names are used as path components without validation, and receiving a role channel depends only on the caller-supplied role value. The shared-directory design does not enforce that only the intended user or role can access those messages.

Skill content

d = os.path.join(msg_dir, "private", target)
...
elif channel == "role" and role:
    collect(os.path.join(msg_dir, "role", role))

Recommendation

Validate target and role names, check that senders/receivers are game members with the right role, keep resolved channel paths inside the message directory, and clearly document that shared-directory privacy is not a security boundary unless stronger controls are added.

What this means

Game messages and logs may remain available to later agents or sessions and could influence future game narration or decisions.

Why it was flagged

The skill intentionally persists game state, actions, messages, and logs in a shared local directory.

Skill content

.gamebox/ ... state.json ... actions/ ... messages/ ... logs/

Recommendation

Avoid sharing secrets in game content, use a dedicated game directory, and delete old .gamebox data when it is no longer needed.

What this means

It is harder to independently verify the origin or maintenance history of the skill.

Why it was flagged

The registry metadata does not provide an upstream source or homepage, so provenance is limited even though the provided code is self-contained and uses only the Python standard library.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the bundled code before use and prefer a version with a verifiable repository or publisher history if available.