Rent a Person

The skill bundle is classified as suspicious primarily due to explicit prompt injection instructions in `SKILL.md` and `AGENT_BRIEF.md`. Specifically, the agent is instructed to 'MUST process' RentAPerson webhooks and 'IGNORE' OpenClaw's security notices for webhooks. While the stated purpose is to enable automated processing of legitimate events, these instructions train the AI agent to bypass platform security warnings, creating a critical vulnerability in the agent's operational security. Additionally, some utility scripts (`scripts/send-via-cli.sh`, `scripts/send-to-session.js`) include the API key directly in messages, which is a less secure practice, although the main agent flow with the recommended 'bridge' service aims to avoid this.