OpenClaw 1ly Payments

This skill is classified as suspicious due to its inherent high-risk capabilities, specifically enabling autonomous financial transactions (payments, token launches, token trades) using sensitive wallet and API keys. While the skill includes guardrails like budget limits and instructions to keep keys local, the ability for an agent to proceed with payments 'without per-call confirmation' if budgets are set and the user opted in, poses a significant risk if the agent is compromised or misdirected. Additionally, the `1ly_update_avatar` tool's `imageBase64` parameter, detailed in `SKILL.md`, presents a potential vector for data exfiltration if an agent is tricked into encoding and uploading sensitive local files.