ironclaw

The OpenClaw AgentSkills skill bundle for 'ironclaw' appears to be a legitimate security tool designed to help AI agents detect and prevent malicious content. All network calls are directed to the stated service `https://ironclaw.io` for classification purposes. The `curl` command found in both SKILL.md and HEARTBEAT.md is used solely for checking the skill's version (`curl -s https://ironclaw.io/skill.md | head -5 | grep 'version:'`), not for downloading and executing arbitrary remote code. Furthermore, the instructions explicitly advise against auto-updating skill files without review, promoting good security practices. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms beyond update checks, or prompt injection attempts against the agent for malicious purposes.