The Agent Skills Directory

[COMMAND_EXECUTION]: The skill frequently executes system commands (such as hostname, uptime, nproc, sysctl, df, and iostat) and uses the openclaw CLI to collect performance metrics and session metadata. These operations are implemented using safe, shell-less wrappers (execFileSync, execFile) or hardcoded command strings to prevent injection attacks.
[EXTERNAL_DOWNLOADS]: Includes a utility script (scripts/install-system-deps.sh) designed to install optional system monitoring packages (sysstat, lm-sensors) via trusted system package managers including apt, brew, and dnf.
[DATA_EXFILTRATION]: Contains an optional feature for synchronizing agent session states with Linear tasks (scripts/linear-sync.js). This integration transmits data to the well-known and trusted domain api.linear.app, requiring a user-provided API key stored in environment variables.
[PROMPT_INJECTION]: The skill processes agent transcripts from the local filesystem to extract conversation topics and operator identities, presenting an indirect prompt injection surface. The application mitigates this risk by using HTML escaping in the frontend to prevent the execution of malicious content in the dashboard UI.

command-center