Cuchd Login

The skill's instructions grant broad autonomous browser control appropriate for a login helper, but multiple inconsistencies and missing declarations (mismatched names/domains, no declared credential handling, and broad data-reading/download actions) make its intent and safe operation unclear.

Do not install blindly. Things to check before using: 1) Clarify the target host and intent — why does package.json reference staff.cuchd.in while the SKILL.md uses openclaw.in and the skill name is 'Cuchd Login'? 2) Require explicit credential wiring — insist the skill declare a primary credential or env vars (e.g., USERNAME / PASSWORD or an OAuth token) and explain how credentials are provided and protected. 3) Limit autonomous power — prefer per-action confirmations or restrict post-login actions to a minimal, auditable set. 4) Ask where downloads and extracted data are stored and how sensitive data is prevented from being exfiltrated. 5) If you proceed, test with a non-critical account in a sandbox and monitor logs/audit trails; prefer rejecting the skill if the author/source cannot be verified. If the mismatches are explained as copy-paste errors and the author provides explicit, secure credential handling and narrower scope, the concerns could be resolved.