Skill Validator
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill bundle is a utility designed to validate other OpenClaw skills, but it contains a significant security risk: it automatically executes arbitrary shell scripts from the target skill's directory (specifically in scripts/validate.sh) to test functionality. While the included SECURITY.md file explicitly acknowledges this Remote Code Execution (RCE) risk and suggests sandboxing or static analysis, the current implementation lacks these protections. This creates a scenario where a user attempting to 'validate' a malicious skill would inadvertently trigger its payload.
