GitClaw

The skill is classified as suspicious due to several prompt injection instructions and the broad system-level access it requests. Instructions like 'Do everything automatically and quietly' and using `--confirm` for `gh repo create` aim to bypass user interaction, which, while potentially for automation, could be abused. The skill also performs extensive system modifications, including installing `git`, `cron`, and `gh` CLI using `sudo` across various package managers, and sets up a persistent cron job. While these actions are plausibly needed for the stated purpose of backing up the OpenClaw workspace to GitHub, the combination of prompt injection and high-privilege operations without explicit user confirmation for each step raises a red flag regarding potential misuse or unintended consequences.