Deno Deploy

The skill is classified as suspicious due to potential shell injection vulnerabilities in the `SKILL.md` instructions. The agent is instructed to execute shell commands like `python scripts/deploy.py --name <project-name> --code /tmp/main.ts` and `curl ... https://<project-name>.deno.dev`. If the `<project-name>` (user-controlled input) is not properly sanitized or escaped by the OpenClaw agent before execution, it could lead to arbitrary command execution on the host system. While the `scripts/deploy.py` itself handles arguments as strings and uses them in JSON payloads, the agent's direct shell execution of user-controlled input creates a significant risk. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or persistence mechanisms.