openclaw-user-profiler

SUSPICIOUS: The core profiling and local file-write behavior is coherent with the stated purpose and shows no credential theft or exfiltration. The main risk is proportional but real: this skill recommends and facilitates transitive installation of additional skills via an external CLI and unpinned package identifiers from third-party sources, which raises supply-chain risk even though the skill itself is not overtly malicious.