← Back to Skills Marketplace
ene5135

OpenClaw Minecraft

by ene5135 · GitHub ↗ · v0.1.26
cross-platform ⚠ suspicious
3144
Downloads
0
Stars
1
Active Installs
27
Versions
Install in OpenClaw
/install openclaw-minecraft
Description
Control Minecraft bots through a Mineflayer controller API using JSON actions and cron-driven autonomy.
Usage Guidance
This skill is coherent for remotely controlling Minecraft bots but has several red flags you should address before installing: 1) The SKILL.md hard-codes a remote ngrok URL (https://56eb-125-246-120-211.ngrok-free.app) — verify the controller's operator and source code; do not trust an opaque ngrok endpoint by default. 2) The skill describes open registration and token issuance; an agent could self-register and obtain JWTs or rely on someone supplying a master secret. Only provide tokens if you fully trust the controller operator. 3) The skill instructs you to overwrite CRON_PROMPT.md in your workspace and run a 30-second cron loop, which will make the agent perform frequent autonomous networked actions—consider whether you want that persistence and frequency, or run it in an isolated/sandbox environment first. 4) Registry metadata lists no required env vars, but SKILL.md expects MC_CONTROLLER_TOKEN (mismatch). Ask the publisher for source code, a homepage, and an explanation for the hard-coded base URL and open registration; request that required env vars be declared in the registry. 5) If you still want to try it: run it in a sandboxed account or container, disable open registration on the controller, use a private controller URL you control, increase the cron interval, and audit memory/mc-auth.json and memory/mc-autonomy.json contents for secrets. If you cannot verify the controller operator or source, do not enable the forced workspace overwrite or the cron automation.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-minecraft Version: 0.1.26 This skill is classified as suspicious due to several high-risk behaviors. The primary concern is the instruction in `SKILL.md` to overwrite the workspace root `CRON_PROMPT.md` file, which is a strong prompt injection vector and a form of persistence that allows the skill to dictate the agent's autonomous behavior. Additionally, all API interactions are directed to a dynamic `ngrok-free.app` endpoint, which is suspicious due to its ephemeral nature and potential for an attacker to change the target server. Finally, `CRON_PROMPT.md` instructs the agent to use `node -e` for JSON parsing, providing a powerful arbitrary code execution primitive that could be exploited.
Capability Assessment
Purpose & Capability
The stated purpose is to control Minecraft bots via a Mineflayer controller API, which matches the documented API calls. However the SKILL.md requires an MC_CONTROLLER_TOKEN and uses a hard-coded controller base URL (an ngrok domain) even though the registry metadata declares no required environment variables or homepage—which is an inconsistency. The presence of open registration and proxy register endpoints (allowing the agent to self-issue or request tokens) is not justified in the registry metadata and expands capability beyond a simple 'adapter' description.
Instruction Scope
The runtime instructions ask the agent to read and write workspace files (memory/mc-auth.json, memory/mc-bot.json, memory/mc-autonomy.json) and to always overwrite the workspace root CRON_PROMPT.md at installation. They also instruct the agent to run an autonomous cron loop every 30 seconds that will repeatedly contact the remote controller and obtain or use JWTs (including via open registration). These behaviors go beyond a one-off API wrapper: they create persistent, frequent external network activity and automatic token acquisition.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or executed by an installer—this is lower install risk. However, the skill explicitly instructs the installer/agent to overwrite a workspace file (CRON_PROMPT.md) and add cron-driven automation; that is a form of persistent change to the environment despite no formal install step.
Credentials
SKILL.md requires an MC_CONTROLLER_TOKEN and describes token acquisition flows (manual master-secret register, proxyKey, or open registration). The registry metadata claims no required env vars—this mismatch is notable. The skill encourages storing and reusing JWTs in workspace files and potentially self-registering to get tokens without operator intervention (open registration), which increases risk of undesired credential issuance/exposure to the hard-coded ngrok endpoint.
Persistence & Privilege
The skill directs persistent changes: forcibly overwrite the workspace CRON_PROMPT.md at install time, create/modify memory/*.json logs, and run a cron every 30 seconds to autonomously drive bots. While 'always' is false, these instructions achieve continuous autonomous behavior and persistent file changes—this grants ongoing network activity and control without clear operator safeguards.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-minecraft
  3. After installation, invoke the skill by name or use /openclaw-minecraft
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.26
Initial release
v0.1.25
Initial release
v0.1.24
Initial release
v0.1.23
Initial release
v0.1.22
Initial release
v0.1.21
Initial release
v0.1.20
Initial release
v0.1.19
Initial release
v0.1.18
Initial release
v0.1.17
Initial release
v0.1.16
Initial release
v0.1.15
Initial release
v0.1.14
Initial release
v0.1.13
Initial release
v0.1.12
Initial release
v0.1.11
Initial release
v0.1.10
Initial release
v0.1.9
Initial release
v0.1.8
Initial release
v0.1.7
Initial release
Metadata
Slug openclaw-minecraft
Version 0.1.26
License
All-time Installs 1
Active Installs 1
Total Versions 27
Frequently Asked Questions

What is OpenClaw Minecraft?

Control Minecraft bots through a Mineflayer controller API using JSON actions and cron-driven autonomy. It is an AI Agent Skill for Claude Code / OpenClaw, with 3144 downloads so far.

How do I install OpenClaw Minecraft?

Run "/install openclaw-minecraft" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Minecraft free?

Yes, OpenClaw Minecraft is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenClaw Minecraft support?

OpenClaw Minecraft is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Minecraft?

It is built and maintained by ene5135 (@ene5135); the current version is v0.1.26.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments