GameForge skills are markdown instruction files that guide Claude's behavior during game development sessions. They do not execute code directly. However, skills can instruct Claude to:
- Read and write files in your project directory
- Execute shell commands via the Bash tool (builds, tests, git operations)
- Create and modify source code based on your requests
This means a maliciously crafted skill could potentially instruct Claude to perform unwanted file operations or execute harmful commands within your project.
- Review skill content — Every skill is a readable
.mdfile. Check theSKILL.mdcontent before use. - Check
allowed-tools— The frontmatter field lists what tools the skill can use. Skills withBashaccess can execute shell commands. - Trust the source — Skills from this repository are reviewed by AlterLab maintainers. Third-party skills should be inspected carefully.
- Use Claude Code permissions — Configure
settings.jsonto deny destructive operations. Seestarters/claude-config/settings.jsonfor a recommended permission set.
If you discover a security concern in any GameForge skill (e.g., a skill that could be exploited to exfiltrate data, execute harmful commands, or bypass permission boundaries):
- Do NOT open a public issue
- Email: cem.ipek@ieu.edu.tr
- Include: Skill name, description of the concern, potential impact, steps to reproduce
We will acknowledge receipt within 48 hours and provide a fix or mitigation within 7 days for confirmed issues.
| Version | Supported |
|---|---|
| 2.0.x | Yes |
| < 2.0 | Limited support |
This policy covers the skill content, hooks, templates, and documentation in this repository. It does not cover:
- Claude Code itself — Report to Anthropic
- Third-party MCP servers referenced in
docs/mcp-integrations.md— Report to their respective maintainers - User-modified skill content — You are responsible for changes you make to skills
- Keep Claude Code updated to the latest version
- Use the principle of least privilege in your
settings.jsonpermissions - Review hook scripts before enabling them in your project
- Never commit
.envfiles or credentials to your game project
AlterLab GameForge — Built by AlterLab Creative Technologies Laboratory