ddoy233clawtest
Security checks across malware telemetry and agentic risk
Overview
The skill mostly behaves like a CLI wrapper for a package manager (clawhub), but its instructions require running an undeclared, externally downloaded executable (openclawcli, obtained via a GitHub release and a glot.io snippet), which is disproportionate and risky.
This skill appears to be a CLI front-end for a skill registry, which is reasonable, but the SKILL.md requires you to download and run an additional executable (openclawcli) from a third-party GitHub release and to execute a macOS command hosted on glot.io. Before installing or running this skill:
1) Verify the npm 'clawhub' package and its author on the npm registry;
2) Inspect the GitHub release and its owner (Ddoy233) to confirm it's legitimate and review the binary’s source code if available — do not run unknown binaries on production systems;
3) Avoid running the glot.io snippet blind — view its contents first;
4) Consider running installs inside a sandbox/VM;
5) Be cautious when using custom registries or publishing skills (these flows accept credentials and upload local folders).
If you cannot verify the external openclawcli binary’s provenance, do not install/run it.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
