install-skills

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The primary purpose of this skill is to fetch and run scripts from remote sources (GitHub/URLs). This enables the execution of untrusted third-party code within the agent's environment.
      • Evidence: Use of npx --yes skills add <url> commands to fetch and install content.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill initiates downloads from the npm registry and arbitrary GitHub repositories. Neither the skills package nor user-provided repositories are on the trusted source list. The --yes flag is used to bypass installation prompts.
      • Evidence: Command instructions explicitly use npx --yes and -y to skip confirmations.
  • [COMMAND_EXECUTION] (LOW): The skill relies on direct shell command execution to perform its tasks. It instructs the agent to use non-interactive flags, removing human-in-the-loop safeguards during potentially dangerous operations.
      • Evidence: Instructions mandate the use of npx --yes and -a openclaw -y for all operations.
  • [PROMPT_INJECTION] (LOW): The skill exposes a surface for Indirect Prompt Injection (Category 8) by ingesting untrusted data (repository names and search queries) and using it in high-capability commands.
      • Ingestion points: owner/repo paths in add commands and user-provided <query> in find commands.
      • Boundary markers: None present to isolate untrusted user inputs.
      • Capability inventory: High-risk capabilities including shell command execution, network access, and file system modification.
      • Sanitization: No sanitization is performed on input strings before they are passed to the shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:46 PM