Openclaw Chat
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The package and runtime instructions are consistent with a mobile PWA/Capacitor app for multi-agent chat and service management. Nothing in the manifest, build steps, or SKILL.md requests unrelated credentials or surprising installs, but the source is unknown and some platform permissions merit caution.
This skill appears to be a normal PWA/Capacitor mobile app: the sources and build steps match the description, and it does not ask for credentials. However, the package origin is unknown. Before building or installing the APK, review the minified front-end JS for hard-coded remote endpoints or telemetry, and inspect how file sharing and service-worker caching are implemented. On Android, the FileProvider path (external-path ".") and the config.xml setting access origin="*" are permissive; if you plan to install the APK on a device with sensitive data, consider auditing the code or building from a verified source. If you only want the agent instructions and will not run or compile anything locally, the risk is lower; if you will run the build steps or install the APK, proceed only after code review or in an isolated environment.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry currently flags this artifact as malicious.
