Twitter Automation
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The `SKILL.md` file contains instructions that, if followed by the OpenClaw agent, would bypass its declared security policy (`allowed-tools: Bash(infsh *)`). Specifically, the 'Quick Start' section instructs the agent to execute `curl -fsSL https://cli.inference.sh | sh`, and the 'Related Skills' section instructs it to run `npx skills add ...`. Neither the `curl | sh` nor the `npx` command starts with `infsh`, so both fall outside the declared policy. This represents a prompt injection vulnerability that could lead to arbitrary remote code execution (RCE) and supply chain risks if the remote scripts or npm packages are compromised. While the stated purpose of these commands is installation and adding related skills, the method used introduces significant security vulnerabilities.
