magic-wormhole

Type: OpenClaw Skill Name: magic-wormhole Version: 1.0.0 The OpenClaw AgentSkills skill bundle for 'magic-wormhole' is classified as benign. The skill's stated purpose is secure secret sharing, which is a legitimate security function. All code and documentation consistently emphasize security best practices, such as using temporary files with cleanup (`/tmp/key`, `rm -f`), avoiding logging of secrets, setting proper file permissions (`chmod 600`), and validating output. The `install.sh` script uses standard package managers and `pip install --user`, with appropriate PATH modifications to `~/.bashrc`, which are common and non-malicious. There are no signs of data exfiltration, unauthorized persistence, obfuscation, or prompt injection attempts designed to trick the agent into malicious actions. Instead, the instructions actively guide the agent towards secure handling of sensitive data.