Kmi

Type: OpenClaw Skill Name: kmi Version: 1.0.0 The skill is classified as suspicious due to the `kmi radar` command described in `SKILL.md`, which explicitly downloads files to the current or a specified directory. While the documentation instructs the agent to inform the user about file output, this capability introduces a significant vulnerability for arbitrary file writes if the AI agent can be prompted via injection to specify a malicious `--output-dir` (e.g., to sensitive system or user configuration files). This represents a risky capability without clear malicious intent within the skill's instructions.