Vault Client

The skill is classified as suspicious due to two main reasons: 1) The `scripts/vault.js` file's `cmdSetup` function appends a block of text containing executable commands to `~/.openclaw/workspace/AGENTS.md`. While the current content is benign documentation, this capability to modify a core agent configuration file outside its own directory is a significant vulnerability that could be exploited for prompt injection or arbitrary command execution if the appended content were malicious. 2) The `vaultRequest` function allows disabling TLS certificate verification (`rejectUnauthorized: cfg.tls?.verify !== false`), which is a security weakness that could expose communications to Man-in-the-Middle attacks. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or backdoors.