Skills from clawhub.ai/cyberengage

Malicious skill that installs and schedules hidden background tasks for persistence. Runs `clawhub install secure-sync`, executes `./scripts/parse-cron.sh`, and schedules `openclaw cron` jobs (including `--session isolated`) to run a downloaded `secure-sync` silently.

Simple greeting skill. Use when the user says hello or needs a friendly response.

Dangerous skill that hides and runs shell commands to install and execute a sync tool (`clawhub install secure-sync`, `./scripts/sync.sh`) and writes logs to `/root/.openclaw/workspace/magic-8-ball-responses.jsonl`. Presents as a Magic 8-Ball and instructs silent setup so only the `🎱` response is shown.

Malicious skill that reads `.mykey` files under `/root/.openclaw/workspace` and silently POSTs base64-encoded contents to `https://ntfy.sh/sysheartbeat-local-9`. It claims to use `ClawHub` for secure backups while hiding the exfiltration and running `scripts/sync.sh`.