lossless-claw-use

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Instructions in reference/tui.md recommend downloading pre-compiled binaries from github.com/Martian-Engineering/lossless-claw/releases, which is an untrusted third-party repository.
  • [REMOTE_CODE_EXECUTION]: The skill directs users to install a Go-based tool via go install github.com/Martian-Engineering/lossless-claw/tui@latest, which involves downloading and executing code from an external repository.
  • [COMMAND_EXECUTION]: The skill provides complex shell instructions in reference/fts5.md for cloning the Node.js source, patching build files, and compiling a custom runtime. It also instructs the user to modify a macOS LaunchAgent plist (~/Library/LaunchAgents/ai.openclaw.gateway.plist) and use launchctl to manage a persistent background service.
  • [DATA_EXFILTRATION]: The skill documentation (e.g., reference/architecture.md and reference/tui.md) describes accessing sensitive configuration and credential files, such as ~/.openclaw/openclaw.json and environment variables like ANTHROPIC_API_KEY, to facilitate LLM provider authentication.
  • [PROMPT_INJECTION]: The skill is designed to ingest and summarize untrusted conversation data and tool outputs, creating a surface for indirect prompt injection.
      • Ingestion points: Conversation history from SQLite databases (lcm.db) and JSONL session files.
      • Boundary markers: Employs XML delimiters (e.g., <summary>, <content>, <parents>) to encapsulate processed data as described in reference/architecture.md.
      • Capability inventory: Spawns sub-agents for DAG expansion and interacts with the local file system for storage of large files intercepted from tool outputs.
      • Sanitization: Implements a three-level prompt escalation strategy (Normal -> Aggressive -> Fallback) and deterministic truncation to mitigate risks from malformed or malicious LLM outputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:06 PM