Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Game Dev Assistant
v1.0.0游戏开发辅助技能,涵盖游戏数据分析、关卡设计、资产整理、项目构建自动化、测试框架、游戏存档解析、 Unity / Unreal / Godot 项目辅助。触发场景:游戏数据分析、关卡配置、资产整理打包、项目构建自动化、游戏测试、存档解析、引擎项目辅助、shader 调试、日志分析。
⭐ 0· 41·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description (game data analysis, builds, logs) align with the three included scripts (build_unity.py, game_data_parser.py, log_analyzer.py). However SKILL.md also enumerates many other scripts and reference files (level_config.py, asset_packer.py, build_godot.py, game_tester.py, save_parser.py, generate_csharp.py, references/*) that are not present in the manifest. This mismatch suggests incomplete packaging or documentation drift: either features are missing or the README is inaccurate.
Instruction Scope
SKILL.md instructs the agent to 'execute corresponding scripts' against the user's project and logs. The included scripts operate on user-supplied files and directories (project paths, config files, logs). That is expected for this domain, but two points need attention: (1) build_unity.py launches the installed Unity executable and supports '-executeMethod' which runs arbitrary code inside the Unity project — running it effectively executes project-provided code on the host, so projects should be trusted or sandboxed; (2) SKILL.md broadly advises inspecting project structure and running scripts but does not enumerate safeguards or restrictions, and it references nonexistent files, leaving ambiguity about what an agent might try to run.
Install Mechanism
No install spec is provided (instruction-only with included scripts). Nothing will be downloaded or auto-installed by the skill itself; risk from installation mechanism is low. Scripts may suggest optional Python dependencies (pyyaml) but do not auto-install them.
Credentials
The skill does not request environment variables, credentials, or config paths. The scripts operate on local files provided by the user; there are no declared secrets or remote endpoints. This is proportionate to the stated functionality.
Persistence & Privilege
always is false, model invocation is allowed (default). The skill does not request persistent system privileges or to modify other skills. Autonomous invocation combined with the scripts' ability to run local project code (via Unity -executeMethod) increases operational impact, but this is a normal capability for build/test tools and not a privilege escalation by itself.
What to consider before installing
This skill mostly does what it says for game data parsing, log analysis, and Unity builds, but the packaging is incomplete: SKILL.md lists many scripts and reference files that are not included. Before installing or running it: (1) verify the missing files or ask the publisher for the full package — missing files may mean missing functionality or stale docs; (2) inspect the included Python scripts yourself — they read and write user-supplied project/config/log files and launch Unity; don't run builds with -executeMethod on untrusted projects because that runs project code on your machine; (3) run in an isolated environment or with backups (projects, save files) to avoid accidental modification; (4) because the source/homepage is unknown, prefer to only use this skill with code you can review or in a sandbox; and (5) if you need the extra features referenced in SKILL.md, request the author clarify why those files are absent or provide the missing scripts.Like a lobster shell, security has layers — review code before you run it.
latestvk97frvpxdt7kr2zbynqq9aaysn83s5ja
License
MIT-0
Free to use, modify, and redistribute. No attribution required.