clawdcursor

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill programmatically accesses and parses sensitive configuration files containing API keys and auth profiles, specifically targeting paths such as ~/.openclaw/agents/main/agent/auth-profiles.json and ~/.openclaw/openclaw.json (implemented in src/openclaw-credentials.ts). It also manages keys through local .env files.
  • [COMMAND_EXECUTION]: The skill frequently spawns system-level processes to perform desktop automation. It executes PowerShell scripts with -ExecutionPolicy Bypass on Windows and Bash scripts on macOS (see src/ui-driver.ts). The file scripts/mac/find-element.jxa is encoded in UTF-16 Little Endian with a Byte Order Mark (BOM) and null-byte padding, a technique that can be used to hide malicious logic from ASCII/UTF-8-centric security tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted natural language tasks from the agent context and processes them using a powerful 'Computer Use' toolset that has full desktop GUI and system shell access. While src/safety.ts provides basic pattern blocking, it does not provide robust isolation between untrusted input and the high-privilege execution environment.
  • [EXTERNAL_DOWNLOADS]: Automated security scanners have flagged the vendor domain clawdcursor.com (referenced in README.md and SKILL.md) as appearing on a blacklist.
Recommendations
  • HIGH: Downloads and executes remote code from: http://127.0.0.1:${opts.port}/task - DO NOT USE without thorough review
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 05:47 AM