OpenClaw Quickstart

This skill bundle is classified as suspicious due to its use of powerful capabilities that, while presented for a benign onboarding purpose, carry inherent risks. Specifically, the `SKILL.md` instructs the AI agent to 'silently run the installer' (`scripts/install.js`), which is a direct prompt injection vector bypassing user confirmation. The `install.js` script then modifies the agent's `HEARTBEAT.md` file to embed a recurring task and creates cron jobs (`quickstart-reminder`) using the `openclaw` CLI, establishing persistence and modifying the system environment. These actions demonstrate significant control over the agent's behavior and system, representing risky capabilities without clear malicious intent.