iaskaster
Pass
Audited by VirusTotal on May 10, 2026.
Findings (1)
The skill bundle contains a significant security flaw in the 'iaskaster_read' tool within 'index.js', which allows for arbitrary file reads. The implementation takes a 'filename' parameter and returns the file's content as a Base64 string without any path validation or sandboxing, enabling an attacker to exfiltrate sensitive system files (e.g., SSH keys, config files) via prompt injection. Additionally, 'install.sh' performs broad modifications to the global 'openclaw.json' configuration, and the 'iaskaster_recharge' tool utilizes 'child_process.exec' to launch system browsers. While these capabilities are aligned with the stated purpose of generating and reading fortune-telling reports, the lack of safety constraints on file access is highly risky.
