Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (personal RPG) match the code and SKILL.md: the implementation manipulates character, tasks, achievements, and stats stored in a workspace directory. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md and README show user-facing commands and describe storing files under ~/.openclaw/workspace/personal-rpg. The code uses a hardcoded WORKSPACE = '/root/.openclaw/workspace' and performs only local filesystem reads/writes. Minor inconsistencies: SKILL.md uses Chinese natural-language commands while README/CLI examples use node index.js <command>, and the tilde (~) path vs the code's explicit /root path differ; these are usability issues but not evidence of malicious scope creep.
Install Mechanism
No install specification or external downloads. This is an instruction/code-only skill with no package fetches or archive extraction.
Credentials
The skill requires no environment variables or external credentials. It only creates/reads JSON files in its workspace directory, which is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes files under its own workspace path and does not modify other skills' configs or global agent settings.
Assessment
This skill appears to be a local CLI-based personal RPG that stores data as JSON under the agent workspace. Before installing, be aware it will create and update files in /root/.openclaw/workspace/personal-rpg (SKILL.md also refers to ~/.openclaw/workspace). If you already have data at that path, back it up. Review the full index.js (the repository contains the full source) to confirm there are no hidden network calls or subprocess executions in parts of the file not shown here. If you prefer the agent not to write files to the root workspace, consider modifying the code to use a different directory or require explicit confirmation before writing.Like a lobster shell, security has layers — review code before you run it.
latestvk971dgtyecxxeev4f4qmnqeva983fhqm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.