← Back to Skills Marketplace
yanxi1024-git

PaperMC AI Operations

by Yan · GitHub ↗ · v2.0.1 · MIT-0
cross-platform ⚠ suspicious
354
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install papermc-ai-ops
Description
Manage PaperMC Minecraft servers through safe, controlled interfaces. Use for server lifecycle management, backups, plugin operations, and health monitoring...
Usage Guidance
Key things to consider before installing or running this skill: - Do not run the publish scripts (publish_skill.py or publish_to_clawhub.py) unless you explicitly want to upload the repository to ClawHub. They contain a hard-coded API token and will gather and POST many local text files — this could leak sensitive local content. Remove or rotate that token and review the scripts before any execution. - The SKILL.md safety policy forbids direct systemctl use, but manage_server.py calls systemctl (with sudo). Running that script will require sudo privileges and can perform system-level service restarts. If you allow the agent to run this skill, ensure the agent runs under a least-privilege account and review/modify the service_action implementation (avoid sudo or require manual confirmation). - plugin_manager.py and plugin_upgrade_framework.py will download jars from URLs and delete/replace plugin files. This is expected functionality but is powerful: verify URLs and run upgrades first in a test environment. Ensure backups work and point SERVER_DIR to a test server before executing. - The code contains developer-specific default paths (e.g., /home/yan/projects/..., SERVER_DIR = '/path/to/your/papermc-server') — update all path constants before use to avoid accidental operations on unintended directories. - There are undeclared dependencies used by scripts (requests, requests-toolbelt). Install and audit these packages from trusted package sources before running. - If you want to proceed: (1) audit and remove or sanitize publish_* scripts (or at minimum remove the embedded API token), (2) set SERVER_DIR and SERVICE_NAME to safe test targets, (3) run in a staging environment first, (4) avoid running scripts as root or with sudo unless necessary and reviewed, (5) consider restricting the agent's ability to autonomously invoke high-risk operations (require human confirmation for restart/update steps). Given the hard-coded token and the contradiction between declared safety rules and actual system commands, treat this skill as suspicious until you perform the code review and sanitization steps above.
Capability Analysis
Type: OpenClaw Skill Name: papermc-ai-ops Version: 2.0.1 The skill bundle is classified as suspicious primarily due to the inclusion of a hardcoded, sensitive API token for clawhub.ai across multiple files (simple_publish.sh, publish_skill.py, and publish_to_clawhub.py), which constitutes a significant credential leak. While the bundle's stated purpose is legitimate PaperMC Minecraft server management, it contains scripts with high-risk capabilities, including downloading and replacing executable JAR files from remote URLs (plugin_manager.py, update_paper.py, and plugin_upgrade_framework.py) and executing system-level commands via sudo systemctl (manage_server.py). Although these features are consistent with server administration, the exposure of credentials and the broad system access rights required make the bundle a security risk.
Capability Assessment
Purpose & Capability
Most code (manage_server.py, plugin_manager.py, update_paper.py, plugin_upgrade_framework.py, backup.sh, health_check.sh) is coherent with PaperMC server lifecycle/backup/plugin operations. However, the repository also contains publishing scripts (publish_skill.py, publish_to_clawhub.py) that are unrelated to runtime server management and embed an API token inside the source. These publish scripts can upload many local text files to a remote service, which does not fit the core runtime purpose of safely operating a PaperMC server and is disproportionate to the stated capabilities.
Instruction Scope
SKILL.md instructs operators to 'never use' direct system commands (including systemctl stop/restart) and to route operations through the approved Python scripts. Yet manage_server.py invokes systemctl (and uses sudo for service actions). That is a direct contradiction between the written safety policy and the implementation. The plugin upgrade framework performs network calls (Hangar API) and writes logs to ~/.openclaw; plugin_manager.py downloads arbitrary URLs and writes them into the plugins directory — behavior consistent with purpose but also granting broad discretion to fetch and install external artifacts. The publish scripts walk the repository and upload many files to ClawHub when run — they are not referenced as part of normal server management and could exfiltrate repository content if executed.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically written during install. However, the skill includes many executable code files that the user (or agent) can run. Some scripts (publish_skill.py) rely on external Python packages (requests-toolbelt) not declared in SKILL.md. No remote installers or downloadable archives are used, which lowers installation risk, but presence of runnable publish/upload scripts increases the effective attack surface if run.
Credentials
The registry metadata declares no required environment variables or credentials, but publish_skill.py and publish_to_clawhub.py contain a hard-coded API_TOKEN (clh_kZ-...). Embedding an API token in code is a secret-management anti-pattern and creates an exfiltration/abuse risk if those scripts run. Scripts also assume sudo/systemctl privileges (manage_server.py uses sudo systemctl) which require elevated OS privileges not declared or constrained by the skill metadata. plugin_upgrade_framework.py writes logs to the user's home directory and uses network calls to third-party APIs (hangar.papermc.io).
Persistence & Privilege
The skill is not marked always:true, and there is no evidence it attempts to persistently enable itself in other skills or system-wide configurations. It creates application-level directories and writes logs under ~/.openclaw, which is within expected scope for a management tool. Autonomous invocation is allowed by default (disable-model-invocation=false) — this is platform default and not flagged by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install papermc-ai-ops
  3. After installation, invoke the skill by name or use /papermc-ai-ops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
Release v2.0.1: Enhanced with Plugin Upgrade Framework
v2.0.0
v2.0.0: Added plugin upgrade framework based on ViaVersion 5.7.2→5.8.0 real-world experience
v1.1.0
papermc-ai-ops 1.1.0 initial release - Added multiple scripts for server cost tracking, upgrade scoring, daily and weekly checklists, and plugin compatibility research. - Introduced a formal version management and upgrade decision process, including a weekly upgrade scoring system in documentation. - Expanded documentation to detail upgrade/rollback criteria, scoring, and operational best practices. - Maintained strict backup-first and “no direct commands” safety policies.
v1.0.0
Initial release of papermc-ai-ops: - Provides safe, script-based management for PaperMC Minecraft servers. - Supports server lifecycle management, plugin operations, and automated health checks. - Enforces a backup-first policy before any changes. - All actions are performed through controlled Python scripts (no direct destructive commands). - Includes detailed documentation, workflow examples, and configuration guidance.
Metadata
Slug papermc-ai-ops
Version 2.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is PaperMC AI Operations?

Manage PaperMC Minecraft servers through safe, controlled interfaces. Use for server lifecycle management, backups, plugin operations, and health monitoring... It is an AI Agent Skill for Claude Code / OpenClaw, with 354 downloads so far.

How do I install PaperMC AI Operations?

Run "/install papermc-ai-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PaperMC AI Operations free?

Yes, PaperMC AI Operations is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PaperMC AI Operations support?

PaperMC AI Operations is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created PaperMC AI Operations?

It is built and maintained by Yan (@yanxi1024-git); the current version is v2.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments