Osori

Osori v1.6.1 — Local project registry & context loader with Telegram slash commands. Registry versioning + auto-migration + root filters + root management +...

This skill appears coherent for managing a local project registry. Before installing: 1) Inspect registry_lib.py and telegram-commands.sh (bundled) to confirm there are no unexpected network endpoints or secrets being sent; those files implement core behavior. 2) Be aware it will read/scan filesystem paths and write a registry under $HOME/.openclaw by default — if you want a different location set OSORI_REGISTRY first. 3) The 'gh' CLI and optional 'entire' CLI will operate with whatever credentials/config you already have for those tools (the skill does not request separate tokens but will invoke them), so ensure your gh/entire configs are trusted. 4) Run /doctor without --fix first to preview changes; backups (.bak/.broken) are created when modifications occur. If you want higher assurance, provide the full contents of registry_lib.py and telegram-commands.sh for a targeted review — absence of those would lower confidence.

Type: OpenClaw Skill Name: osori Version: 1.6.1 The OpenClaw AgentSkills bundle 'osori' contains shell injection vulnerabilities in `scripts/find_handler.py` and `scripts/switch_handler.py`. User-controlled input (project names) is directly embedded into `mdfind` and `find` commands using f-strings, without proper escaping. This allows an attacker to register a project with a crafted name (e.g., `foo" -exec /bin/sh -c "echo pwned`) and execute arbitrary commands on the host system when the `/find` or `/switch` commands are invoked. While this is a critical vulnerability, there is no evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or backdoors) within the provided code, classifying it as 'suspicious' rather than 'malicious'.