OpenClaw Agent App Installer: install/upgrade & register the jun-invest-option-master-agent isolated agent workspace. Includes auto backup/versioning to Claw...

What to consider before installing: - Don't run this on your main workstation without inspection. The installer will create a workspace under ~/.openclaw (note: files are hard-coded to /Users/lijunsheng/..., which is suspicious if that's not your username). Verify and edit paths in scripts before running. - Review scripts first: open scripts/auto-install.sh, scripts/install.sh, scripts/sync-runtime-to-artifact.sh and setup-launchd.sh to see exactly what they write, commit, and publish. Pay special attention to any lines that add git hooks, run 'clawhub publish', or copy files from other locations. - Before running automatic hooks/publishers, ensure the workspace does not contain secrets (API keys, credentials, private config). The code mentions automatic git commit → sync → ClawHub publish; that can exfiltrate files unintentionally. - Prefer manual mode initially: run scripts step-by-step and inspect changes rather than allowing automated post-commit hooks / launchd. Consider disabling the auto-publish parts (comment out hook installation and launchd setup) until you are confident. - Supply-chain note: the installer runs 'clawhub update --force' and leaves dependencies unpinned. That will pull the latest remote code at install time; consider pinning versions or reviewing the remote slugs listed in skills.lock.json before allowing automatic updates. - If you use Futu OpenD, confirm it should run on 127.0.0.1:11111 and that you expect the adapter behavior. Public fallbacks (stooq/yfinance) will make outbound HTTP requests to fetch market data — expected behavior. - If you are not the person named in the files (lijunsheng / shengge / "生哥"), treat hard-coded identities and paths as red flags and either adapt them to your environment or avoid installation. - Safer approach: test inside a disposable VM/container or isolated account, or run with a user that has minimal credentials and no ClawHub auth, then selectively enable publishing after full review.

Type: OpenClaw Skill Name: jun-invest-option-master-agent Version: 0.2.202603041248 The skill bundle is classified as suspicious due to the AI agent being explicitly instructed to execute shell commands (`clawhub update`, `scripts/install.sh`, `openclaw agents add`) based on user input, as detailed in `AGENTS.md` and `SOUL.md`. Additionally, `scripts/setup-launchd.sh` establishes persistence via a macOS LaunchAgent to run `scripts/publish.sh` periodically, which involves `git` operations and publishing to ClawHub. While these actions are intended for legitimate installation, update, and automated publishing of the agent's workspace, the underlying capability for an AI agent to execute arbitrary shell commands represents a significant prompt injection vulnerability surface (potential RCE) if the agent's instructions were to be manipulated by a malicious actor. The hardcoded NVM path in `setup-launchd.sh` also points to an environmental dependency risk. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or stealthy backdoors; in fact, `scripts/sync-runtime-to-artifact.sh` explicitly excludes sensitive files from being published.