moneydevkit

The OpenClaw AgentSkills skill bundle for 'moneydevkit' is benign. It provides documentation and code snippets for integrating a payment system, requiring sensitive credentials like `MDK_MNEMONIC` (a wallet seed phrase) and `MDK_ACCESS_TOKEN`. However, the `SKILL.md` file explicitly warns users about the critical importance of securing these credentials, advising against logging them or committing them to git, and recommending environment variables or secrets managers. All commands and instructions, including those for the agent (e.g., `claude mcp`, `npx @moneydevkit/create`), are directly related to setting up and managing the moneydevkit service. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent designed to cause harm beyond the stated purpose.