larc-onboarding

SUSPICIOUS: the skill’s stated onboarding purpose is mostly coherent, and official OpenClaw/Lark commands appear aligned, but the LARC runtime installation uses an unpinned `curl|bash` from a personal GitHub raw URL. That supply-chain risk is disproportionate for an onboarding skill handling tenant auth, so the skill is not clearly malicious but should not be treated as low-risk.