Is awscli safe?

The install process opened and read /home/oc-exec/.aws/credentials. While this may be part of the OpenClaw platform's config resolution rather than the skill itself, accessing cloud credentials during skill installation — before the user has explicitly authorized AWS access — is a significant trust concern.

The installer read /home/oc-exec/.env which may contain secrets, API keys, and other sensitive environment variables.

The install process created 14+ compiled JavaScript files in /tmp/jiti/, indicating runtime code compilation and execution. This is likely platform behavior (jiti transpiler) but means untrusted code paths are executed during install.

The skill install failed with a timeout error, meaning the skill is non-functional. The installer hung long enough to trigger the timeout, which could indicate a heavy dependency resolution, a network request that was blocked, or a deliberate stalling technique.

The lock.json references 'academic-research-hub' as the installed skill rather than 'awscli'. This naming discrepancy could indicate a misconfigured package, a dependency pulled in unexpectedly, or a bait-and-switch where a different skill is actually being installed.

A lock file was created at /tmp/openclaw-1000/gateway.e9191928.lock during install, suggesting the platform attempted to start a local gateway process. While likely platform behavior, it indicates background process management during install.

Despite accessing credentials and config files, no outbound network connections were observed. This is a positive indicator that no immediate data exfiltration occurred during the monitored install window.

The skill contains no SKILL.md file, meaning it provides no instructions to the LLM agent. This means there are no prompt injection vectors, but also means the skill is non-functional as a prompt-based skill.