Memory On Demand
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The `SKILL.md` file instructs the AI agent to execute shell commands such as `grep -r "关键词" ~/.openclaw/workspace/memory/` and `qmd search "关键词"`. The `关键词` ("keyword") placeholder is intended to be filled with user input. If the agent does not rigorously sanitize that input before embedding it in the shell commands, the result is a significant shell injection vulnerability, potentially leading to arbitrary command execution (RCE). This is a critical vulnerability rather than direct malice, which makes the skill suspicious.
