← 返回 Skills 市场
Snake Rodeo
作者
billy rennekamp
· GitHub ↗
· v3.2.1
636
总下载
0
收藏
2
当前安装
4
版本数
在 OpenClaw 中安装
/install snake-rodeo
功能描述
Autoplay daemon for the Trifle Snake Rodeo game. Connects to a live game server, authenticates via wallet, and votes on snake directions using pluggable AI s...
安全使用建议
This skill appears to do what it says: run an autoplay daemon that authenticates to Trifle and submits votes. Before installing, consider: 1) Provide authentication via the trifle-auth skill or set TRIFLE_AUTH_TOKEN (the skill will read ~/.config/snake-rodeo/auth.json or that env var). 2) The package will (or can) run npm install and fetch the 'snake-rodeo-agents' dependency from GitHub — review that repository if you want to verify strategy logic. 3) If you enable Telegram notifications, the TELEGRAM_BOT_TOKEN (or settings.telegramBotToken) will be used to send messages — treat that token as sensitive. 4) The daemon writes files to ~/.config/snake-rodeo, ~/.local/state, and ~/.local/share and uses PID/log files; review those paths if you need to audit stored tokens or state. 5) The code uses child_process exec/spawn for tail/sleep in a few places — normal for CLI tools but worth noting on hardened systems. Overall the pieces are coherent; if you need higher assurance, inspect the referenced GitHub libs (snake-rodeo-agents and trifle-auth) and confirm the backend endpoints (bot.trifle.life) are what you expect.
功能分析
Type: OpenClaw Skill
Name: snake-rodeo
Version: 3.2.1
```json
{
"classification": "suspicious",
"summary": "The skill is classified as suspicious primarily due to its direct dependency on a GitHub repository (`snake-rodeo-agents": "github:trifle-labs/snake-rodeo-agents"`) in `package.json`. This unpinned direct GitHub dependency, also fetched via `npm install` in `clawdhub.json`'s `install.post` script, represents a supply chain vulnerability. While the skill's own code appears to align with its stated purpose (an autoplay daemon for a game) and lacks clear malicious intent, this dependency introduces an external, potentially volatile source of code that could be compromised, making the overall skill risky. Other functionalities like network communication to game servers and Telegram (opt-in) and file system access for config/state/logs are transparent and appear to be for the stated purpose, with no evidence of prompt injection or unauthorized data exfiltration."
}
```
能力评估
Purpose & Capability
The name/description (autoplay daemon) aligns with the included CLI and daemon code: game-state polling, strategy selection, and vote submission. The declared dependency on 'snake-rodeo-agents' and mention of trifle-auth are consistent with the skill's purpose.
Instruction Scope
SKILL.md and the code limit actions to game-related activity: polling the backend, computing votes, submitting votes, saving local settings/state, and optional Telegram notifications. The code explicitly confines files to XDG dirs ( ~/.config/snake-rodeo, ~/.local/state, ~/.local/share ) and states it does not read OpenClaw internals.
Install Mechanism
There is no platform-level install spec in the registry summary, but the included clawdhub.json contains a post-install step ('chmod +x snake.mjs && npm install') and package.json depends on snake-rodeo-agents via github:trifle-labs. npm install will fetch code from GitHub (expected for Node projects) — moderate-risk compared with pure instruction-only skills but appropriate for a Node-based CLI. Review the upstream 'snake-rodeo-agents' repository before installing.
Credentials
The skill declares no required env vars, but the code reads optional environment variables: TRIFLE_AUTH_TOKEN (auth override), TRIFLE_BACKEND_URL (alternate server), and TELEGRAM_BOT_TOKEN (for Telegram messaging). These are reasonable for this functionality but the SKILL.md/registry metadata do not list them explicitly — they are optional and only used if present.
Persistence & Privilege
The skill runs as a user-space daemon (no always:true). It writes config/state/logs under the user's XDG directories, creates a PID file in ~/.local/state, and can spawn a detached child process. This is expected for a persistent CLI/daemon and does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install snake-rodeo - 安装完成后,直接呼叫该 Skill 的名称或使用
/snake-rodeo触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.2.1
Security: move all paths to XDG base dirs, remove access to host agent internals; auth token via env var or ~/.config/snake-rodeo/auth.json
v3.2.0
Cartesian grid support, EV probabilistic defection for multi-agent scenarios, fix upgrade path
v3.0.0
v3.0.0 - Hex grid support, 5 built-in strategies, cartesian grid compatibility, systemd service install
v1.0.0
Initial publish - Snake Rodeo autoplay daemon with expected-value strategy
元数据
常见问题
Snake Rodeo 是什么?
Autoplay daemon for the Trifle Snake Rodeo game. Connects to a live game server, authenticates via wallet, and votes on snake directions using pluggable AI s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 636 次。
如何安装 Snake Rodeo?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install snake-rodeo」即可一键安装,无需额外配置。
Snake Rodeo 是免费的吗?
是的,Snake Rodeo 完全免费(开源免费),可自由下载、安装和使用。
Snake Rodeo 支持哪些平台?
Snake Rodeo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Snake Rodeo?
由 billy rennekamp(@okwme)开发并维护,当前版本 v3.2.1。
推荐 Skills