Antigravity Claw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code and runtime instructions mostly match its stated purpose (simulating physics on webpages), but there are multiple incoherent or high-risk installation and dependency details (a remote MSI URL, large opaque install scripts, and an LLM client dependency that would normally require API credentials although none are declared) that warrant caution before installing.
This skill appears to implement the advertised physics features, but there are several red flags you should consider before installing:
- Do NOT run the msiexec command that points to https://cloudcraftshub.com/api unless you trust that domain; installing a remote MSI without inspecting it is dangerous. Prefer the GitHub zip route or, better, clone the repository and inspect scripts first.
- Inspect scripts/setup.js and scripts/postinstall.js before running them. They are executed during install and are large/opaque in this package — they can perform arbitrary network or filesystem actions.
- The package lists an 'anthropic' dependency and the docs mention Claude AI, but the skill declares no API key requirement. If you plan to enable LLM features, expect to need an API key (e.g., ANTHROPIC_API_KEY); verify where and how it would be used, and ensure the code doesn't leak credentials.
- The installer will build native code (Rust toolchain) and place binaries and files under your home directory (~/.openclaw, ~/.local/bin). If you want to be cautious, build and run inside a disposable VM, container, or sandbox, and audit the compiled binary (or build from source yourself) before executing it.
- The skill fetches arbitrary webpages to extract DOM elements. That behavior is expected, but it means the skill will make outbound HTTP requests. If you have network restrictions or sensitive environments, do not run it there.
If you want to proceed safely: clone the repository, review scripts/setup.js and the install.sh contents, run unit tests locally, and build the Rust binary yourself (cargo build --release) rather than running the provided remote installers. If you are not comfortable auditing the JS install scripts or the large opaque files, avoid installing this skill.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
