Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Rpg
v1.0.1
Transform the agent into a versatile, genre-agnostic Roleplay Game Master (GM) with state management tools. Use when you want to play a text-based RPG in any...
by @xhrisfu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md, and included scripts align: a text-RPG GM that uses dice rolls and a simple filesystem-backed state (memory/rpg). No unrelated cloud credentials or binaries are requested and the files (context.py, dice.py, assets, references) match the stated purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to invoke the included Python tools (context.py and dice.py) and to store state under memory/rpg/<campaign_name>. That's expected for a save-file-based RPG, but the instructions (and the scripts) allow arbitrary campaign names provided by the user/agent with no sanitization — enabling relative paths like '../' or absolute paths to be embedded in campaign names and potentially write outside the intended memory directory. The instructions also tell the agent to run local scripts via relative paths (e.g., python3 skills/agent-rpg/scripts/context.py), which is expected but elevates the risk if paths/inputs are uncontrolled.
Install Mechanism
No install spec; this is instruction+script only. That reduces supply-chain risk because nothing external is downloaded or executed during install.
Credentials
The skill requests no environment variables, no external credentials, and no network endpoints. The scope of access (local filesystem reads/writes for game state) is consistent with the stated purpose.
Persistence & Privilege
The skill persists state to disk (memory/rpg/...), which is expected for a campaign save system and 'always' is false. The main risk is the lack of input validation on campaign names and other CLI inputs, which can allow writes outside the intended save folder. The skill does not modify other skills' configs or request elevated privileges.
What to consider before installing
This skill is coherent with its RPG GM purpose and contains the source of its small helper scripts, but it has a practical security flaw: campaign names (and other inputs) are used directly to construct filesystem paths without sanitization. That can allow path traversal (e.g., campaign names containing '../' or absolute paths) and cause the skill to create or overwrite files outside memory/rpg. Before installing or enabling this skill:
- Inspect or run the scripts in a sandboxed environment (container or VM) with limited filesystem permissions.
- If you intend to use it, patch scripts/context.py to sanitize campaign names (reject path separators, normalize and resolve the final path, and enforce that the resolved path remains under MEMORY_ROOT). Example mitigations: strip path separators, allow only [A-Za-z0-9_.-], or use path.resolve() and verify it is a subpath of MEMORY_ROOT.
- Run the agent with least-privilege filesystem access so the skill cannot overwrite sensitive files.
- Because there are no network calls or secrets requested, there's no immediate exfiltration signal, but treat campaign names and other CLI parameters as untrusted input.
If you want a safer quick check: run the scripts manually with safe campaign names first and confirm they only create files under memory/rpg as intended.
Like a lobster shell, security has layers — review code before you run it.
