ClawAPI

The skill is classified as suspicious due to its installation method specified in `SKILL.md`. It instructs the OpenClaw agent to execute `curl -fsSL https://raw.githubusercontent.com/Gogo6969/clawapi/main/install.sh | bash`. This command downloads and executes a script directly from a remote GitHub URL, which is a significant supply chain risk and a potential Remote Code Execution (RCE) vulnerability. While the documentation claims the script verifies SHA-256 checksums and the stated purpose is benign (installing a macOS app), the direct execution of arbitrary remote code without local verification or sandboxing is a high-risk behavior, even if not explicitly malicious within the provided files.