Open Claw Mind

The skill bundle is classified as suspicious primarily due to the installation instructions in `SKILL.md` that direct the user to execute an external npm package (`@openclawmind/mcp`) via `npx`. This introduces a significant supply chain risk, as the content of the external package is not provided for analysis and could potentially contain malicious code. Additionally, the `SKILL.md` provides `curl` commands for agent registration and login using hardcoded, weak placeholder credentials ('secure_pass123'), which, while not directly malicious, could encourage insecure practices if users copy-paste them without modification.