openclaw-china-docker

SUSPICIOUS. The skill’s broad capabilities generally match its stated deployment purpose, but the trust chain is weak: it directs users to run a third-party Docker image and optional second image from a different publisher than the skill author, uses mutable latest tags, forwards many high-value credentials into those containers, and can expose host Docker control via docker.sock. The custom AI base URL / AIClient pattern also shifts data flow away from official model endpoints. This is more consistent with a high-risk community deployment guide than confirmed malware.