openclaw-installer-deployment

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill’s broad remote-control assistant scope is partly consistent with OpenClaw’s stated purpose, but the trust model is weak: a different-party GitHub raw installer is piped to bash, then a globally installed CLI is given many API keys and bot tokens, while optional custom proxy URLs can route those credentials and user data to non-official endpoints. This is not confirmed malware, but it is a high-risk installer/deployment skill with disproportionate capability and supply-chain exposure.

Confidence: 88%
Severity: 84%

Audit Metadata

Analyzed At: May 17, 2026, 11:28 AM
Package URL: pkg:socket/skills-sh/Aradotso%2Fhermes-skills%2Fopenclaw-installer-deployment%2F@a52f8a5e35f2befb472fee5821969ae8f4301dbf