The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs users to install software using the command 'curl -fsSL https://openclaw.ai/install.sh | bash'. This pattern of piping a remote script directly into a shell is a major security risk, as it allows for the execution of unvetted code from a non-whitelisted source.
[COMMAND_EXECUTION]: Deployment and maintenance tasks require administrative privileges via 'sudo', including firewall setup ('ufw'), service management ('systemctl'), and power management configuration ('pmset').
[COMMAND_EXECUTION]: The integration of the iMessage channel requires granting the terminal and OpenClaw process 'Full Disk Access' and 'Automation' permissions on macOS. This provides the application with broad access to private system data, including the Messages database ('chat.db').
[EXTERNAL_DOWNLOADS]: The skill facilitates the installation of various third-party dependencies and services, including Docker, Tailscale, Homebrew, and nvm, using their respective remote installation scripts.
[EXTERNAL_DOWNLOADS]: The documentation warns users about security risks associated with third-party 'skills' from the 'ClawHub' repository, noting that a significant percentage have been found to be malicious or vulnerable.
[PROMPT_INJECTION]: The skill describes a surface for indirect prompt injection, as the OpenClaw software processes data from external messaging channels (Telegram, iMessage).
Ingestion points: Untrusted data enters the context via messaging channels described in 'references/telegram-channel.md' and 'references/imessage-channel.md'.
Boundary markers: The skill suggests using '@mention' requirements and pairing policies to limit exposure.
Capability inventory: The software possesses capabilities including file system access and command execution as described in 'SKILL.md'.
Sanitization: The skill points to automated security audits and hardening guides, but code-level sanitization of external message content is not explicitly provided in the documentation.

openclaw-setup