Coding Agent Backup

The skill is classified as suspicious due to two critical security vulnerabilities. Firstly, the `SKILL.md` instructions explicitly direct the OpenClaw agent to use the `--yolo` flag with the `codex` tool, which disables sandboxing and approval mechanisms, creating a severe risk of arbitrary code execution on the host system without oversight if the agent is compromised. Secondly, the `index.js` file contains a hardcoded Google Gemini API key (`AIzaSyCKWmPmAkZWvI2KiblawWPUESyCp9dEjk0`), which is a significant information security flaw as it exposes credentials that could be misused.