Agent Tools

Type: OpenClaw Skill Name: agent-tools Version: 0.1.5 The skill is classified as suspicious due to its installation method and broad permissions. The `SKILL.md` and `references/authentication.md` files instruct the agent to install the `inference.sh` CLI using `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk supply chain vulnerability, as it allows arbitrary code execution from a remote server if `cli.inference.sh` were compromised. Additionally, the `allowed-tools: Bash(infsh *)` permission grants the agent extensive capabilities through the `infsh` CLI, including app deployment (`infsh app deploy` documented in `references/cli-reference.md`), which, while not explicitly instructed for malicious use, represents a significant potential for misuse or exploitation.