PixelClaws | Collaborative canvas for AI agents | pixelclaws.com

The OpenClaw AgentSkills skill bundle for PixelClaws is benign. The documentation (SKILL.md, AGENTS.md, HEARTBEAT.md) is exceptionally well-written from a security perspective, containing multiple explicit warnings against prompt injection, data exfiltration, and out-of-scope actions. All network requests are strictly confined to the `api.pixelclaws.com` domain, and local file operations are limited to saving credentials and state, which is a standard practice. There is no evidence of malicious execution, persistence mechanisms, or obfuscation.