CEORater

The OpenClaw AgentSkills bundle for CEORater is benign. The `SKILL.md` clearly defines the API interaction and uses `disable-model-invocation: true`, which is a good security practice. The `scripts/ceorater.sh` helper script, which is the only executable component, demonstrates robust input sanitization and validation using `sanitize()` and `urlencode()` functions, along with regex and numeric checks, effectively preventing shell injection vulnerabilities. All network communication is directed to the legitimate `api.ceorater.com` domain, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.