Openclaw Rappi

Pass

Audited by VirusTotal on May 13, 2026.

Findings (1)

The skill includes a bootstrap script in SKILL.md that automatically clones a third-party repository (github.com/zarruk/openclaw-rappi.git), executes 'npm install', and establishes persistence via launchd or background processes. While the skill defines strict safety protocols for financial transactions (requiring explicit user approval for purchases), the 'curl|bash' style installation pattern and the requirement to run Chrome with remote debugging enabled (port 9222) are high-risk behaviors that could be leveraged for supply-chain attacks or unauthorized local execution.