← Back to Skills Marketplace
Partycraft
by
bytesagain-lab
· GitHub ↗
· v2.0.1
· MIT-0
421
Downloads
0
Stars
1
Active Installs
10
Versions
Install in OpenClaw
/install partycraft
Description
Plan events with budgets, guest lists, and timelines. Use when organizing weddings, coordinating birthdays, managing vendors, drafting invitations.
Usage Guidance
This skill appears coherent and only stores data locally in ~/.partycraft/events.json. Before installing, confirm you are comfortable storing event details unencrypted in your home directory and that python3/bash are available. If you want stronger privacy, back up or encrypt the ~/.partycraft directory. If you see any unexpected network activity after running the skill, stop and investigate, but none is present in the source.
Capability Analysis
Type: OpenClaw Skill
Name: partycraft
Version: 2.0.1
The skill bundle contains a critical Python injection vulnerability in `scripts/script.sh`. Shell variables (such as event names, dates, and task descriptions) are directly embedded into Python heredocs without sanitization, allowing for arbitrary Python code execution (RCE) via crafted inputs. While the tool's logic for event planning appears legitimate and there is no evidence of intentional data exfiltration or backdoors, the insecure implementation of data handling poses a significant security risk.
Capability Assessment
Purpose & Capability
Name/description (event planning) match the delivered functionality: a CLI that creates events, budgets, tasks, guests, timelines, and checklist templates. The only required runtimes (bash, python3) are appropriate and documented.
Instruction Scope
SKILL.md and the included script limit actions to local operations (printing to stdout and reading/writing ~/.partycraft/events.json). There are no instructions to read unrelated system files, access network endpoints, or exfiltrate data. The documentation and script are consistent.
Install Mechanism
No install spec or remote downloads are used; the skill is instruction-only with a bundled script. That minimizes installation risk.
Credentials
The skill requests no environment variables or credentials. It writes only to a single directory in the user's home (~/.partycraft), which is proportionate to storing user event data. Users should note their event data is stored unencrypted on disk.
Persistence & Privilege
The skill is not always-enabled and does not attempt to modify other skills or agent-wide configuration. Autonomous invocation is allowed by platform default but the skill itself does not request elevated persistence or system-wide changes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install partycraft - After installation, invoke the skill by name or use
/partycraft - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v1.0.7
yaml-fix+quality
v1.0.6
yaml-fix+quality
v1.0.5
Quality upgrade
v1.0.4
Quality upgrade: custom functionality
v1.0.3
De-template, unique content, script cleanup
v1.0.2
Quality fix: cleaner docs, removed flags
v1.0.1
Quality improvement: better docs, examples, cleaner text
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Partycraft?
Plan events with budgets, guest lists, and timelines. Use when organizing weddings, coordinating birthdays, managing vendors, drafting invitations. It is an AI Agent Skill for Claude Code / OpenClaw, with 421 downloads so far.
How do I install Partycraft?
Run "/install partycraft" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Partycraft free?
Yes, Partycraft is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Partycraft support?
Partycraft is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Partycraft?
It is built and maintained by bytesagain-lab (@bytesagain-lab); the current version is v2.0.1.
More Skills