setup

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This is a setup/configuration instruction for NanoClaw that requests and configures high-privilege capabilities (LLM credentials, WhatsApp admin channel, host directory mounts, persistent background service). The content itself is not clearly malicious (no obfuscated code, no hardcoded secrets, no explicit exfiltration endpoints). However the setup model grants broad access to sensitive local data and credentials and instructs running npm install/build and container images without recommending integrity checks. Because those actions can be abused by a malicious or compromised agent/container, the package should be treated with caution. Operators must review the project's code (especially postinstall/build scripts and container contents), avoid granting unnecessary mounts, prefer read-only mounts where possible, store credentials securely, and use a personal "main" control chat as recommended.

Verdict: SUSPICIOUS due to high privilege footprint and supply-chain risks rather than explicit malware found.

LLM verification: The setup fragment is ambitiously feature-rich for a complex agent deployment but exhibits multiple security-sensitive patterns (credential store reads, plaintext token storage in .env, and privileged system actions) that require strict safeguards. To be acceptable for production use, tighten credential handling (encrypted or access-controlled secret storage, minimized reads), implement explicit user consent and audit trails for privileged actions, add integrity verification for external compone

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 01:19 PM
Package URL: pkg:socket/skills-sh/creatuluw%2Fnanoclaw%2Fsetup%2F@2d741342119d8b6429ecb045d6c71812a6de51b5