Mxe

This skill appears to be a Markdown export tool, but there are red flags you should consider before installing or running its commands: - SKILL.md tells the agent to cd into a hard-coded local path (/Users/tuan/.openclaw/workspace/mxe) and run `npm run build && npm link`. Those commands will execute whatever build scripts exist there and can modify your system npm links — do not run them on a machine unless you trust the contents of that directory. - The registry metadata version (2.0.0) and package.json version (1.0.0) differ; the SKILL.md reveals a specific username ('tuan') in the path. These indicate sloppy packaging or a locally authored bundle rather than a vetted upstream release. - Because there is no formal install spec pointing to a known release (GitHub, npm registry, etc.), prefer obtaining the tool from an official source or inspecting the repository contents yourself before running any build/install commands. Recommended precautions: - Ask the skill author for a canonical install URL (GitHub release or npm package) and a non-user-specific install instruction. - Inspect the repository and package.json scripts in a safe environment (sandbox or VM) before running `npm run build` or `npm link`. - If you must test on your workstation, run build steps in an isolated container or VM to avoid executing untrusted scripts and avoid global linking. Given these inconsistencies and the potential to run arbitrary local build scripts, treat this skill as suspicious until you can verify its source and contents.