Security audit
Security checks across malware telemetry and agentic risk
The skill is mostly transparent about Lingry wallet and token handling, but it asks users to perform sensitive wallet/session operations through helper files that are not actually present in this package.
Review this skill before installing because it involves wallet and API-session credentials. Do not paste private keys, passphrases, or session tokens into chat. Only proceed if the installed package actually includes the referenced Lingry helper files from a trusted source, and treat ~/.openclaw/.env and ~/.lingry as sensitive local credential locations.
printf '\n' tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env"
printf '\n' tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env"
tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env" unset NEW_LINGRY_TOKEN
[ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env" unset NEW_LINGRY_TOKEN unset LINGRY_SESSION_TOKEN
printf '\n' tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env"
printf '\n' tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env"
tmpfile="$(mktemp)" [ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env" unset LINGRY_SESSION_TOKEN
[ -f "$HOME/.openclaw/.env" ] && grep -v '^LINGRY_SESSION_TOKEN=' "$HOME/.openclaw/.env" > "$tmpfile" printf 'LINGRY_SESSION_TOKEN=%s\n' "$NEW_LINGRY_TOKEN" >> "$tmpfile" mv "$tmpfile" "$HOME/.openclaw/.env" chmod 600 "$HOME/.openclaw/.env" unset LINGRY_SESSION_TOKEN unset NEW_LINGRY_TOKEN
64/64 vendors flagged this skill as clean.
No suspicious patterns detected.
