openclaw-deployment-installer

SUSPICIOUS: the overall purpose is plausible, but the trust story is weak. The skill uses unpinned remote shell installers from an unrelated GitHub org, handles many credentials, and explicitly allows routing model traffic to arbitrary custom endpoints. Those behaviors may fit OpenClaw’s functionality, but they create medium-high security risk and an integrity gap between the Hermes publisher and the installed software.