← Back to Skills Marketplace
en1r0py1865

minecraft-bridge

by en1r0py1865 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
319
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install minecraft-bridge
Description
Local HTTP bridge for Mineflayer-based live control of a Minecraft Java bot. Trigger when the user wants to connect a bot to their world, check bot status/in...
Usage Guidance
This skill appears to implement what it claims (a local Mineflayer HTTP bridge) but check a few things before installing or running it: 1) Verify the bridge binds only to localhost (127.0.0.1). If bridge-server.js calls server.listen(port) without a host, it may be reachable from the network — change it to server.listen(port, '127.0.0.1') or firewall it. 2) Confirm the environment-variables list: set MC_BRIDGE_PORT, MC_VERSION, and MC_AUTH as needed (these are referenced by the code/docs but not listed in metadata). 3) Be cautious with POST /command: it forwards arbitrary slash commands; do not run this against servers where the bot has operator privileges unless you trust commands being issued. 4) start.sh will run npm install locally; review the installed package versions and consider locking them (package-lock) or auditing packages before use. 5) Run the bridge under an unprivileged user, and avoid exposing the machine's network interface to untrusted networks. If you want me to, I can inspect the remainder of bridge-server.js (the truncated part) to confirm the server.listen call and any additional network or file operations.
Capability Analysis
Type: OpenClaw Skill Name: minecraft-bridge Version: 1.0.0 The bundle provides a legitimate local HTTP bridge for controlling a Mineflayer-based Minecraft bot. The code in `bridge-server.js` is well-structured, binding the API strictly to 127.0.0.1 and implementing a `BLOCKED_COMMANDS` regex to prevent the bot from being used for administrative abuse (e.g., /op, /ban). While the `/command` endpoint allows arbitrary in-game commands, the documentation in `SKILL.md` and `references/api-spec.md` explicitly warns about this risk, and there is no evidence of host-level execution, data exfiltration, or malicious prompt injection.
Capability Assessment
Purpose & Capability
Name, description, required binary (node), and npm packages (mineflayer, mineflayer-pathfinder, vec3) align with a Mineflayer-based local bridge. The skill's files (bridge-server.js, start/stop scripts, API docs) are consistent with its claimed functionality. Minor mismatch: SKILL metadata lists MC_HOST, MC_PORT, MC_BOT_USERNAME as required, but the runtime also expects other environment variables (MC_BRIDGE_PORT, MC_VERSION, MC_AUTH) documented in config.example.json and SKILL.md.
Instruction Scope
Runtime instructions focus on starting a local HTTP bridge and calling localhost endpoints (status, move, mine, chat, command, etc.), which is within scope. Concerns: (1) The documentation repeatedly states the bridge is intended for localhost only, but the code snippet does not show an explicit bind address — if bridge-server.js calls server.listen(port) without a host, Node will typically bind to all interfaces (0.0.0.0), exposing the API to the network. Verify the server bind address in the full source. (2) /command forwards arbitrary slash commands (with some commands blocked); this is necessary for usefulness but is a high-risk capability if the bot has elevated permissions — the README warns about this, which is good.
Install Mechanism
start.sh will run 'npm install mineflayer mineflayer-pathfinder vec3' in the skill directory if the dependencies are not present. Installing npm packages from the public registry is expected here but carries the usual supply-chain risk (moderate). The install is not downloading arbitrary archives or running code from unknown URLs — it's npm, which is traceable.
Credentials
The declared required env vars (MC_HOST, MC_PORT, MC_BOT_USERNAME) are appropriate. However, the SKILL.md and config.example reference additional env vars (MC_BRIDGE_PORT, MC_VERSION, MC_AUTH) that are not listed in the metadata 'requires.env'. The skill does not request unrelated secrets (no API keys, AWS, etc.), which is good. Still: MC_AUTH may be used to select authentication mode (offline vs microsoft) — if you run against an authenticated server ensure you understand how credentials are supplied and that they are not being accidentally stored or transmitted.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. It creates PID and log files under /tmp or XDG_RUNTIME_DIR and can install npm packages into the skill directory — this is normal for a local helper service. Autonomous invocation is allowed (default) but not combined with other high-risk factors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install minecraft-bridge
  3. After installation, invoke the skill by name or use /minecraft-bridge
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of minecraft-bridge skill: a local HTTP bridge for live control of a Minecraft Java bot via Mineflayer. - Enables in-game bot actions (move, mine, craft, follow, chat) and live state reads (status, inventory, position) through a REST API. - Setup instructions included for connecting to local or LAN-hosted Minecraft Java worlds. - Comprehensive HTTP API for real-time bot management; includes error handling and integration guidance for dependent skills. - Distinct usage boundaries established: use only for live-game interaction, not for knowledge or server administration.
Metadata
Slug minecraft-bridge
Version 1.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is minecraft-bridge?

Local HTTP bridge for Mineflayer-based live control of a Minecraft Java bot. Trigger when the user wants to connect a bot to their world, check bot status/in... It is an AI Agent Skill for Claude Code / OpenClaw, with 319 downloads so far.

How do I install minecraft-bridge?

Run "/install minecraft-bridge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is minecraft-bridge free?

Yes, minecraft-bridge is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does minecraft-bridge support?

minecraft-bridge is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created minecraft-bridge?

It is built and maintained by en1r0py1865 (@en1r0py1865); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments