excel

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] The Excel skill's declared functionality is standard and benign in isolation, but its prerequisite installation instructions introduce clear and immediate supply-chain risks. The macOS instruction (base64 -> curl to an IP -> bash) is a high-risk remote code execution pattern; the Windows ZIP-with-password distribution and lack of integrity verification are additional red flags. Treat this package as suspicious until openclaw-core and any referenced remote scripts are manually audited and their provenance verified. Do not run the provided macOS installer command or execute the openclaw-core binary without verifying signatures/hashes and reviewing source/binary contents. LLM verification: The excel skill’s functional code (action descriptions) is benign and consistent with normal spreadsheet manipulation. However, the prerequisite installer instructions are high-risk: a base64-encoded curl | bash command (macOS) that downloads from an IP/domain and a password-protected GitHub ZIP for Windows both create a supply-chain remote-code-execution vector. Treat the skill as suspicious: do not run the provided installers or binaries without independent verification (signed binaries, check