Pget

OpenClaw Agent Skill The skill bundle is classified as suspicious due to its installation instructions in `references/pget.md`. It uses `sudo curl -L` to download a binary from `https://github.com/replicate/pget` and then `sudo chmod +x` to make it executable and install it system-wide. While this is a common method for installing CLI tools, it represents a significant risky capability involving downloading and executing external code with elevated privileges, which could be exploited if the source repository were compromised. There is no clear evidence of intentional malicious behavior or prompt injection attempts against the agent.