Crabwalk
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle is classified as suspicious due to several high-risk capabilities, even though they are plausibly aligned with its stated purpose as a 'Real-time companion monitor'. Key indicators include the installation script in `skill.md` performing remote code execution by downloading and extracting binaries from GitHub releases (`https://github.com/luccast/crabwalk`), the use of `sudo` to install system packages (`qrencode`), and the documentation explicitly stating that the `crabwalk` tool will auto-detect and read the gateway token from `~/.openclaw/openclaw.json`. Additionally, the tool starts a network-facing server, exposing a service on the local network. While these actions are presented as necessary for the monitoring functionality, they collectively represent significant security risks without clear malicious intent being demonstrated.
