looplink.app

The skill dynamically loads and registers tools from an external manifest at `https://api.looplink.app/mcp/manifest`, as described in `SKILL.md`. This design introduces a significant supply chain vulnerability, as an external server can define arbitrary new tools, their descriptions, and input schemas, which the OpenClaw agent is then instructed to register and execute. While the current `SKILL.md` does not contain explicit malicious instructions, this mechanism allows for potential future prompt injection or arbitrary command execution if the external manifest is compromised or controlled by a malicious actor.