Islamic Companion

Type: OpenClaw Skill Name: islamic-skills Version: 2.0.1 The skill is classified as suspicious due to the presence of a fragile pure bash JSON parsing fallback in `lib/json.sh` when `jq` is not installed, which represents a vulnerability in input handling. Additionally, the skill generates `CRON_ADD` commands in `lib/scheduler.sh`, `src/scheduler.py`, `lib/quotes.sh`, and `src/quotes.py` for scheduling tasks, and includes a static prompt injection phrase in `src/quotes.py` to instruct the agent. While these capabilities are used for benign purposes and include explicit warnings for the user to review, they are inherently powerful and could be exploited if the payloads were crafted maliciously, fitting the criteria for 'risky capabilities without clear malicious intent'.