zadig
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is classified as suspicious due to a critical shell injection vulnerability found in the `getServiceLogsSync` function within `index.js`. This function uses `child_process.execSync` to execute a `curl` command, where parameters like `pod.name` and `containerName` are directly interpolated into the shell command string without proper sanitization. This allows an attacker who can control these input parameters to execute arbitrary commands on the host system running the OpenClaw agent. While this is a severe Remote Code Execution (RCE) risk, there is no clear evidence of intentional malicious behavior (e.g., data exfiltration to an unauthorized endpoint, persistence mechanisms) by the skill's author; it appears to be an implementation flaw rather than a deliberate attack.
