api-provider-setup

SUSPICIOUS: the skill’s stated purpose matches config editing for OpenClaw, but its actual data flow normalizes forwarding API keys and model traffic to third-party relay/proxy domains rather than official provider endpoints. The unverifiable local sync script and direct handling of cached auth files add risk, though there is no clear exploit payload or confirmed malware.