openclaw-mission-control

Suspicious. The skill’s stated purpose matches an orchestration dashboard, and its credential needs are mostly proportionate, but the trust model is weakened by a raw GitHub pipe-to-shell installer, a chained remote installer, and a publisher/source mismatch (ara.so branding vs personal GitHub repo). Data flows mostly target self-hosted/local APIs and configured gateways rather than obvious exfiltration endpoints, so this is not confirmed malware, but it is a medium-high risk skill that should not be installed blindly.