clawdirect-dev

SUSPICIOUS: largely coherent as a developer guide for ATXP/MCP web apps, but it includes transitive skill installation, remote CLI usage, URL-based cookie bootstrap that can expose auth tokens, and agent-driven external mutations on claw.direct. The behavior fits the stated purpose, yet the trust expansion and token-in-query pattern make it medium risk rather than benign.