grepwrapper

Type: OpenClaw Skill Name: grepwrapper Version: 0.3.0 The skill instructs the OpenClaw agent to install the `grepwrapper` CLI directly from a GitHub Git repository (`git+https://github.com/riprsa/grepwrapper.git`) using `npm` in SKILL.md. This method bypasses traditional package registry vetting and introduces a significant supply chain risk. If the `riprsa/grepwrapper.git` repository were compromised or contained malicious code, the agent would install and execute it, leading to arbitrary code execution on the host system. While the `SKILL.md` itself does not contain explicit malicious instructions, this installation method represents a risky capability due to its reliance on an external, potentially untrusted source.