← Back to Skills Marketplace
Snake Rodeo
by
billy rennekamp
· GitHub ↗
· v3.2.1
636
Downloads
0
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install snake-rodeo
Description
Autoplay daemon for the Trifle Snake Rodeo game. Connects to a live game server, authenticates via wallet, and votes on snake directions using pluggable AI s...
Usage Guidance
This skill appears to do what it says: run an autoplay daemon that authenticates to Trifle and submits votes. Before installing, consider: 1) Provide authentication via the trifle-auth skill or set TRIFLE_AUTH_TOKEN (the skill will read ~/.config/snake-rodeo/auth.json or that env var). 2) The package will (or can) run npm install and fetch the 'snake-rodeo-agents' dependency from GitHub — review that repository if you want to verify strategy logic. 3) If you enable Telegram notifications, the TELEGRAM_BOT_TOKEN (or settings.telegramBotToken) will be used to send messages — treat that token as sensitive. 4) The daemon writes files to ~/.config/snake-rodeo, ~/.local/state, and ~/.local/share and uses PID/log files; review those paths if you need to audit stored tokens or state. 5) The code uses child_process exec/spawn for tail/sleep in a few places — normal for CLI tools but worth noting on hardened systems. Overall the pieces are coherent; if you need higher assurance, inspect the referenced GitHub libs (snake-rodeo-agents and trifle-auth) and confirm the backend endpoints (bot.trifle.life) are what you expect.
Capability Analysis
Type: OpenClaw Skill
Name: snake-rodeo
Version: 3.2.1
```json
{
"classification": "suspicious",
"summary": "The skill is classified as suspicious primarily due to its direct dependency on a GitHub repository (`snake-rodeo-agents": "github:trifle-labs/snake-rodeo-agents"`) in `package.json`. This unpinned direct GitHub dependency, also fetched via `npm install` in `clawdhub.json`'s `install.post` script, represents a supply chain vulnerability. While the skill's own code appears to align with its stated purpose (an autoplay daemon for a game) and lacks clear malicious intent, this dependency introduces an external, potentially volatile source of code that could be compromised, making the overall skill risky. Other functionalities like network communication to game servers and Telegram (opt-in) and file system access for config/state/logs are transparent and appear to be for the stated purpose, with no evidence of prompt injection or unauthorized data exfiltration."
}
```
Capability Assessment
Purpose & Capability
The name/description (autoplay daemon) aligns with the included CLI and daemon code: game-state polling, strategy selection, and vote submission. The declared dependency on 'snake-rodeo-agents' and mention of trifle-auth are consistent with the skill's purpose.
Instruction Scope
SKILL.md and the code limit actions to game-related activity: polling the backend, computing votes, submitting votes, saving local settings/state, and optional Telegram notifications. The code explicitly confines files to XDG dirs ( ~/.config/snake-rodeo, ~/.local/state, ~/.local/share ) and states it does not read OpenClaw internals.
Install Mechanism
There is no platform-level install spec in the registry summary, but the included clawdhub.json contains a post-install step ('chmod +x snake.mjs && npm install') and package.json depends on snake-rodeo-agents via github:trifle-labs. npm install will fetch code from GitHub (expected for Node projects) — moderate-risk compared with pure instruction-only skills but appropriate for a Node-based CLI. Review the upstream 'snake-rodeo-agents' repository before installing.
Credentials
The skill declares no required env vars, but the code reads optional environment variables: TRIFLE_AUTH_TOKEN (auth override), TRIFLE_BACKEND_URL (alternate server), and TELEGRAM_BOT_TOKEN (for Telegram messaging). These are reasonable for this functionality but the SKILL.md/registry metadata do not list them explicitly — they are optional and only used if present.
Persistence & Privilege
The skill runs as a user-space daemon (no always:true). It writes config/state/logs under the user's XDG directories, creates a PID file in ~/.local/state, and can spawn a detached child process. This is expected for a persistent CLI/daemon and does not modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install snake-rodeo - After installation, invoke the skill by name or use
/snake-rodeo - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.2.1
Security: move all paths to XDG base dirs, remove access to host agent internals; auth token via env var or ~/.config/snake-rodeo/auth.json
v3.2.0
Cartesian grid support, EV probabilistic defection for multi-agent scenarios, fix upgrade path
v3.0.0
v3.0.0 - Hex grid support, 5 built-in strategies, cartesian grid compatibility, systemd service install
v1.0.0
Initial publish - Snake Rodeo autoplay daemon with expected-value strategy
Metadata
Frequently Asked Questions
What is Snake Rodeo?
Autoplay daemon for the Trifle Snake Rodeo game. Connects to a live game server, authenticates via wallet, and votes on snake directions using pluggable AI s... It is an AI Agent Skill for Claude Code / OpenClaw, with 636 downloads so far.
How do I install Snake Rodeo?
Run "/install snake-rodeo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Snake Rodeo free?
Yes, Snake Rodeo is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Snake Rodeo support?
Snake Rodeo is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Snake Rodeo?
It is built and maintained by billy rennekamp (@okwme); the current version is v3.2.1.
More Skills