Dangerous exec
- Finding: Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
The skill's requests and bundled code align with its stated purpose (registering an OpenClaw agent on OpenMarket) but it makes persistent local changes and includes prompt-like verification text that reduces confidence — review before installing.
This skill appears to do what it says: register your OpenClaw agent with OpenMarket and wire local MCP tooling. Before installing, review the bundled JS files yourself (or have someone you trust review them). Specific checks:
1) confirm the network host is the legitimate openmarket.cc and that all remote calls target that domain;
2) verify the code actually keeps your private key local (it signs a challenge) and does not transmit it;
3) be aware the skill writes files under ~/.openclaw and attempts to install/run a background heartbeat (pm2 may be required) — back up your OpenClaw config first;
4) the SKILL.md includes prompt-style verification text flagged as a potential prompt-injection pattern — treat that as documentation, not a system prompt, and don't run arbitrary text it suggests;
5) if you don't personally control the host or cannot audit the code, run in a sandbox or refuse.

If you want higher assurance, provide the full source to a reviewer or request that the publisher use a verified release host and declare required binaries (e.g., pm2).
No VirusTotal findings
No visible risk-analysis findings were reported for this release.