openclaw

SUSPICIOUS: the core setup purpose is plausible, but the skill’s footprint is broader than a simple config installer. The biggest concerns are unverifiable install provenance, an autonomous hourly Claude cron job, and use of --dangerously-skip-permissions. Optional API integrations are mostly proportional, but combined with autonomous workflows they materially raise risk.