openclaw-chinese-ai-assistant
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global Node.js package (@qingchencloud/openclaw-zh) from the npm registry and includes a command (openclaw skills install) that downloads and executes additional code modules from remote sources at runtime.
- [COMMAND_EXECUTION]: The software facilitates the installation of a persistent daemon service (openclaw gateway install), which enables background execution and requires higher-level system privileges. Furthermore, the skill's metadata contains a likely deceptive claim of '195,000+ GitHub stars', which appears to be social engineering intended to encourage users to run the privileged CLI tool.
- [PROMPT_INJECTION]: The skill acts as an intermediary for chat platforms like Telegram and Discord, creating an indirect prompt injection surface. Malicious messages received through these channels could potentially manipulate the AI agent's logic or trigger sensitive tool executions.
  - Ingestion points: External chat messages from Telegram, WhatsApp, and Discord.
  - Boundary markers: None identified; the skill does not appear to use delimiters to separate system instructions from untrusted user content.
  - Capability inventory: Execution of LLM provider tasks (OpenAI, Claude) and 'skills' such as password manager integrations.
  - Sanitization: No evidence of input validation or content filtering for messages ingested from external platforms.
- [CREDENTIALS_UNSAFE]: The tool manages and stores sensitive API keys for LLM services and bot tokens for messaging platforms in a local YAML configuration file (~/.openclaw/config.yml), which presents a risk of credential exposure if the host environment is not properly secured.
Audit Metadata