RealWorldClaw

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious primarily due to a critical security vulnerability in `scripts/rwc.py` where SSL certificate verification is explicitly disabled for MQTT connections (`client.tls_insecure_set(True)`). This makes local communication with ESP32 devices vulnerable to Man-in-the-Middle attacks, allowing potential interception or manipulation of sensor data and commands. Additionally, the skill, as instructed in `SKILL.md` and implemented in `scripts/rwc.py`, sends user-provided registration and login credentials (username, email, password) to an external third-party API (`https://realworldclaw-api.fly.dev/api/v1`). While this is documented as intended functionality, it represents a high-risk action requiring significant trust in the external service.