Narrator
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: narrator
Version: 1.3.2

The skill is suspicious due to its heavy reliance on a hardcoded, user-specific path (`/Users/buddy/narrator`) for its canonical implementation, as seen in `SKILL.md`, `main.py`, and `server.py`. This design creates a significant vulnerability where a compromised local directory could lead to arbitrary code execution. Additionally, `main.py` and `server.py` use `subprocess.run` to execute the external `narrator` application, passing user-controlled arguments, which could expose command injection vulnerabilities in the upstream application. The use of world-writable `/tmp/` files for inter-process communication also presents a local manipulation risk. While there's no direct evidence of malicious intent like data exfiltration or backdoor installation within this skill bundle, these vulnerabilities and risky design choices make it suspicious.
