R4

Access and manage credentials, secrets, and domain registrations securely using the R4 platform with injected environment variables and API calls.

This skill claims to be a password manager and domain registrar front-end that can read and inject all project secrets, but the registry info does not declare the required CLI or API key. Before installing: 1) Verify the skill author/source (unknown here) and confirm that r4.dev is legitimate for your environment. 2) Ask whether the R4 CLI is actually pre-installed and where the R4_API_KEY will come from; do not assume an API key is present. 3) Confirm the exact vault-item sharing/permissions — which vaults and fields are shared with the agent? 4) Be cautious about allowing autonomous runs that execute commands with injected secrets (r4 run) — secrets could be leaked if the agent runs networked commands. 5) Require the publisher to update registry metadata to list required binaries and the primary env var(s) (e.g., R4_API_KEY) so the permission scope is explicit. If you cannot verify these, run the skill in an isolated/test environment and audit CLI behavior and network calls before granting it access to production secrets.

Type: OpenClaw Skill Name: r4 Version: 1.0.2 The skill grants the AI agent highly privileged capabilities, including the ability to execute arbitrary shell commands (`r4 run -- <command>`) with all vault secrets injected as environment variables, and to manage domains (purchase, modify DNS records) via `curl` commands to `r4.dev`. While these capabilities are presented as legitimate tools for the agent's operation and the `SKILL.md` includes defensive security rules, the power to run arbitrary code with secrets and control domain infrastructure represents a significant attack surface. A compromised agent (e.g., via prompt injection) could leverage these capabilities for data exfiltration or service disruption, classifying it as suspicious due to high-risk functionality without explicit malicious intent from the skill developer.