openclaw-genie

The skill's described purpose (self-hosted, local-data OpenClaw gateway with multi-channel support and agent management) is broadly coherent with its extensive feature set. However, the present installation pattern (curl | bash from a remote domain) combined with broad access surfaces (camera/canvas on nodes, memory storage, OAuth/keys, multi-cloud deployment) creates a notable risk profile. The footprint includes legitimate, powerful capabilities appropriate for a self-hosted gateway, but the install method and large data-access surface warrant heightened scrutiny and mitigations (verified releases, signature checks, explicit sandboxing, least-privilege access, and explicit data-flow controls). Overall risk posture should be classified as SUSPICIOUS pending tighter supply-chain controls and clearer credential/data-flow governance.