claude-code-skill

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core functionality involves orchestrating and spawning subprocesses for various command-line interfaces (including Claude Code, Codex, and Gemini). This provides the agent with extensive local execution capabilities over these tools.
  • [REMOTE_CODE_EXECUTION]: The claude_session_start tool supports an engine type of custom. This allows a user or an agent to specify an arbitrary binary path (bin) and associated arguments, so any executable file on the system or at a provided path can be run.
  • [EXTERNAL_DOWNLOADS]: The installation instructions for the skill involve downloading several packages from the NPM registry, including official vendor tools and the author's own integration package (@enderfga/openclaw-claude-code). It also references the installation of the Cursor Agent via a shell script from a remote domain.
  • [DATA_EXFILTRATION]: The skill provides configuration options for OpenTelemetry logging (otelLogUserPrompts, otelLogRawApiBodies). If enabled, these features can capture and transmit raw request and response data—which may contain sensitive proprietary code or session metadata—to external logging endpoints.
  • [PROMPT_INJECTION]: The cross-session messaging system (claude_session_send_to) and the 'Council' multi-agent orchestration feature allow data from one session to be injected into another. While the skill uses XML tags for logical separation, this creates an attack surface for indirect prompt injection from processed data or other agents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 3, 2026, 02:52 PM