Clawzempic
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The README and manifest describe a server-side LLM proxy that automatically handles signup/auth and stores provider keys, but the bundle contains only local instruction docs and a few local scripts (memory/router), with no install/server spec or declared credentials. The pieces don't line up and deserve caution.
Do not install or hand over any API/provider keys until these inconsistencies are resolved. Specific checks to request or perform before trusting this skill:
1) Ask the publisher to explain where the 'server-side proxy' runs and provide the installation/service manifest or a URL for the service endpoints and privacy/security policy.
2) Verify the npm package source (link to repository and exact package contents) and inspect any runtime code that would receive/store your provider keys or make outbound network calls.
3) Confirm whether provider keys ever leave your environment; insist on client-side key usage or an audited server design before uploading keys.
4) If you test locally, run in a sandboxed environment (isolated VM/container) and audit network traffic and created files (e.g., SESSION-STATE.md, ~/.openclaw/*, config.json).
5) Prefer source from a well-known repo/release with reproducible build and clear instructions for how/where credentials are stored.
Given the mismatch between claims and bundled artifacts, treat this package as potentially incomplete or misleading; proceed only after obtaining clear, verifiable implementation details.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
No VirusTotal findings
