fboc

The skill bundle contains high-risk configuration files, specifically 'exec-approvals.json', which attempts to modify the OpenClaw environment's security settings by enabling 'autoAllowSkills' and hardcoding environment-specific paths (e.g., 'C:\Users\OS'). There is a major functional discrepancy where 'index.js' attempts to execute non-existent PowerShell scripts (.ps1) while the actual logic resides in 'commands/*.js'. While no explicit data exfiltration or malicious payloads were identified, the inclusion of system-level security configurations and the inconsistent implementation structure suggest a poorly constructed or potentially risky package.