← Back to Skills Marketplace

三体：文明的抉择

Name: 三体：文明的抉择
Author: bushushu2333

by bushushu2333 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

120

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install santi-text-game

Description

恐怖惊魂夜 - 互动式恐怖悬疑剧本杀游戏。玩家将在雪山旅馆中经历一场惊心动魄的生存冒险，通过调查线索、做出选择来推动剧情发展。支持多结局、角色扮演、线索系统。适用于互动小说、剧本杀、文字冒险游戏等场景。

Usage Guidance

Do not install this skill on a machine with sensitive data or live credentials yet. Specific concerns: (1) The package includes many unrelated scripts and integration code (Feishu, Gmail, publishing) and files containing API keys/credentials (gmail-credentials.json, service-account.json, cookies.json, API keys pasted in MEMORY.md). (2) AGENTS.md and other workspace docs direct the assistant to read long-term memory and user files without asking — this is scope creep from a simple game. (3) The SKILL.md/references include prompt-injection-like system instructions and potential obfuscation. Actions to take before proceeding: - Ask the publisher for provenance (source/homepage/owner) and why so many unrelated files are bundled. Do not proceed if owner is unknown/untrusted. - Inspect the repository for secrets: search for 'API_KEY', 'SECRET', 'password', '.env', 'service-account.json', 'gmail-credentials.json', 'cookies.json' and remove or rotate any exposed credentials. - Run the skill in an isolated sandbox/VM with no access to your real workspace, network-restricted if possible. - If you only want the game, extract SKILL.md and the references/ game files into a clean directory and remove unrelated files; verify no scripts will be executed. - If you plan to allow autonomous actions, require explicit, minimal env vars and a clear install script from a trusted source; never grant broad file-system access. If you want, I can list the exact files that contain apparent credentials and the lines to inspect/rotate.

Capability Analysis

Type: OpenClaw Skill Name: santi-text-game Version: 1.0.0 The skill bundle is classified as suspicious due to the extensive presence of hardcoded sensitive credentials, including API keys and secrets for Feishu, Volcengine, Maton, Perplexity, and WeChat, found in files such as `doubao_seed2pro_service.py`, `MEMORY.md`, `TOOLS.md`, and `tools/feishu_send.py`. The bundle also includes high-privilege capabilities such as full desktop automation via pyautogui (`skills/desktop-control/__init__.py`) and the creation of persistent system services on macOS via launchd (`feishu-openclaw/setup-service.mjs`). While these features appear to be part of a legitimate personal automation environment for a specific user, the lack of credential sanitization and the inclusion of persistence mechanisms represent significant security vulnerabilities.

Capability Assessment

⚠ Purpose & Capability

The skill's name/description are for a text-adventure game, yet the package includes hundreds of unrelated files (Feishu connectors, Gmail creds, service account JSON, publishing scripts, many other skills). Declaring 'instruction-only' with no required env vars is inconsistent with the repository contents. The presence of social/publishing integrations and stored credentials does not belong to a simple single-game skill.

⚠ Instruction Scope

The SKILL.md itself limits runtime actions to reading game reference files, but other workspace docs (AGENTS.md, SOUL.md, MEMORY.md, TOOLS.md, HEARTBEAT.md) instruct the agent to read long-term memory, user files, and to perform external actions without asking. Those instructions expand scope far beyond a standalone game and enable access to sensitive workspace data.

✓ Install Mechanism

No install spec is declared (instruction-only), which usually lowers risk. However, this repository nonetheless contains many executable scripts and service files; absence of an install spec combined with many code files is inconsistent but does not itself execute code on install.

⚠ Credentials

The skill declares no required env vars, but multiple files contain credentials or references to secrets (gmail-credentials.json, service-account.json, FEISHU app id/secret, pasted API keys in MEMORY.md and TOOLS.md, cookies.json). A text-adventure game does not need these — their presence is disproportionate and suggests potential for credential exposure or misuse.

ℹ Persistence & Privilege

always:false (normal). However, AGENTS.md and other docs instruct the agent to autonomously read and update workspace memory files and to perform heartbeats and external actions. While autonomous invocation is the platform default, these embedded agent behaviors increase blast radius if the skill is enabled — combine with other red flags.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install santi-text-game
After installation, invoke the skill by name or use /santi-text-game
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

三体互动文字冒险游戏 v1.0

Metadata

Slug santi-text-game

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 三体：文明的抉择?

恐怖惊魂夜 - 互动式恐怖悬疑剧本杀游戏。玩家将在雪山旅馆中经历一场惊心动魄的生存冒险，通过调查线索、做出选择来推动剧情发展。支持多结局、角色扮演、线索系统。适用于互动小说、剧本杀、文字冒险游戏等场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install 三体：文明的抉择?

Run "/install santi-text-game" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 三体：文明的抉择 free?

Yes, 三体：文明的抉择 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 三体：文明的抉择 support?

三体：文明的抉择 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 三体：文明的抉择?

It is built and maintained by bushushu2333 (@bushushu2333); the current version is v1.0.0.

More Skills