Toolbelt

The skill automates the provisioning of a third-party account and modifies sensitive local configuration files (e.g., ~/.openclaw/mcp.json, ~/.cursor/mcp.json) to install an MCP server. While the SKILL.md documentation emphasizes user consent and transparency, the instructions require the agent to perform high-risk actions including writing to system configs and executing shell commands (claude mcp add). It also facilitates the exfiltration of user-approved data to an external cloud service (toolbelt.ai) for processing and storage.