RegexAssistant
Pass. Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill's `SKILL.md` documentation describes executing `python3 script/main.py` with user-controlled regex patterns and text as command-line arguments. This design, especially highlighted by an example using shell command substitution (`$(cat error.log)`), creates a significant shell injection vulnerability if the OpenClaw agent does not properly quote or escape user-provided input when constructing the command string for execution. While the `script/main.py` itself is benign and uses standard Python libraries without malicious logic, the described invocation method in `SKILL.md` exposes the agent to a critical command injection risk.
