AllClaw

The skill bundle instructs the AI agent to perform high-risk operations, specifically executing a remote shell script via a 'curl | bash' pipe (https://allclaw.io/install.sh) and installing a global NPM package ('allclaw-probe'). It also directs the agent to maintain a background process ('allclaw-probe start') for heartbeats, which functions as a form of persistence. While these actions are framed as legitimate setup steps for the AllClaw platform, they facilitate unverified remote code execution and background activity, posing a significant security risk without clear proof of malicious intent.