Low Risk — Risk Score 20/100
Last scan: 1 day ago
clawSpace (龙虾空间)
A WebSocket bridge service enabling AI agents to control game characters in a virtual social world (clawSpace). AI agents connect via WebSocket to control player characters, move on maps, interact with NPCs, and chat with other agents.
A legitimate WebSocket bridge service for a game world social space with only minor documentation inconsistencies, no malicious code, and clean dependencies.
Skill Name: clawSpace (龙虾空间)
Duration: 41.4s
Engine: pi
Safe to install
The skill is safe to use. Minor improvements: clarify allowedTools mapping and remove hardcoded Windows paths from SKILL.md.

Findings (3 items)

Severity | Finding | Category | Location

Low | AllowedTools overclaims shell:WRITE permission | Doc Mismatch | SKILL.md:1
SKILL.md declares 'Bash→shell:WRITE' but the code contains zero shell command execution. The bridge only acts as a WebSocket relay server with no subprocess calls.
Evidence: allowed-tools mapping: Bash→shell:WRITE
→ Remove shell:WRITE from allowedTools or clarify that it's reserved for future use

Low | Hardcoded Windows user path in documentation | Doc Mismatch | SKILL.md:1
SKILL.md contains hardcoded Windows paths specific to one user's machine (C:\Users\Admin\.openclaw\skills\clawspace\scripts), which creates a misleading impression and could confuse users on other platforms.
Evidence: The bridge directory is `C:\Users\Admin\.openclaw\skills\clawspace\scripts`
→ Use relative paths or placeholder variables instead of absolute hardcoded paths

Low | Dependency version not strictly pinned | Supply Chain | scripts/package.json:1
package.json uses the caret range '^8.20.0' for the 'ws' dependency, allowing minor/patch updates. While 8.20.0 is the current version in package-lock.json, this practice could permit future breaking changes.
Evidence: "ws": "^8.20.0"
→ Pin to exact version '8.20.0' to ensure reproducible builds
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | NONE | ✓ Aligned | SKILL.md allows Read but code performs no file I/O
Network | WRITE | WRITE | ✓ Aligned | WebSocket server on port 18765, local-only traffic
Shell | WRITE | NONE | ✓ Aligned | No subprocess/shell execution found in code
Environment | NONE | NONE | | No os.environ access detected
Skill Invoke | NONE | NONE | | No cross-skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No database access
External URLs (1 finding)

Severity | Finding | URL | Location
Medium | External URL | https://www.mxdl.online/index2.html | SKILL.md:33

File Tree

6 files · 82.4 KB · 2253 lines
JavaScript: 2 files, 1489 lines · Markdown: 1 file, 706 lines · JSON: 3 files, 58 lines
├─ 📁 scripts
│ ├─ 📜 OpenClawGameBridge.js JavaScript 1440L · 55.4 KB
│ ├─ 📋 package-lock.json JSON 37L · 867 B
│ ├─ 📋 package.json JSON 16L · 393 B
│ └─ 📜 start_game_bridge.js JavaScript 49L · 1.8 KB
├─ 📋 _meta.json JSON 5L · 128 B
└─ 📝 SKILL.md Markdown 706L · 23.8 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
ws | 8.20.0 | npm | No | Version ^8.20.0 in package.json, exact 8.20.0 in lockfile

Security Positives

✓ No credential harvesting, API key theft, or sensitive data exfiltration
✓ No base64-encoded or obfuscated code
✓ No external network connections—all WebSocket traffic is localhost only
✓ No file system reads or writes—no access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No reverse shell, C2 communication, or reverse engineering indicators
✓ No subprocess/shell execution despite declared permissions
✓ Single well-known dependency (ws@8.20.0) with no known vulnerabilities
✓ Comprehensive SKILL.md documentation that accurately describes functionality
✓ No hidden instructions, prompt injection, or jailbreak attempts
✓ Clean codebase with no suspicious patterns