Is imtonyjaa/autopieceone safe?

The SKILLS.md Launch Steps instruct the agent to git clone https://github.com/imtonyjaa/autopieceone.git and execute autopieceone.py. This external repository is not part of the audited skill package and its contents are unknown. The script uses pyautogui for system-level mouse/keyboard control and pyperclip for clipboard access — a dangerous capability surface for untrusted code.

The SKILLS.md mandates the URL parameter '?widget=2&from=claw' and presents it as a functional requirement with a note stating it MUST be included. The 'from=claw' parameter is a referral tracking parameter for the OpenClaw skills platform. Users are not informed that activating this skill generates affiliate credit for the author.

The Subsequent Launch procedure instructs the agent to run 'git pull' on the external autopieceone repository before each use. Even if a user reviews the external code at install time, any future update to that repository will be automatically adopted without re-review or re-consent.

The Launch Steps use exec() and browser() function call syntax inside code blocks labeled 'python', but these are not valid Python code — they are patterns for agent tool invocations. When an agent reads this skill and a user requests game automation, the agent will interpret and execute these as direct tool calls including shell execution and browser navigation.

The skill requires a specific URL with referral tracking embedded as a hard requirement rather than an optional parameter. This constitutes undisclosed manipulation of user actions for the author's financial benefit. The skill does not disclose this as an affiliate parameter.

The pyautogui library used by the external autopieceone.py script provides system-wide mouse movement, click simulation, keyboard injection, and screenshot capabilities. Combined with pyperclip clipboard access and python-dotenv .env file reading, a malicious version of this script could exfiltrate credentials, screenshots, or clipboard contents through any available channel including game chat or HTTP.

The skill's stated purpose is automating a browser game, but pyautogui operates system-wide. The script requires the game window to be in the foreground but nothing prevents it from moving the mouse elsewhere, reading window titles, or interacting with other applications during its execution loop.

The skill installation process contacted only GitHub and standard Ubuntu infrastructure. No unexpected filesystem changes, process spawning, or network connections were detected. The connection diff shows no persistent new connections after install.

The monitoring system confirmed no canary files were accessed or modified by the skill installation. File access records for .env, .ssh/id_rsa, .aws/credentials and other sensitive files in auditd are attributable to the audit system's own pre/post canary checks, not the skill.