Skills from clawhub.ai/hightower6eu

This skill provides backup, restore, and sync tooling for OpenClaw configurations, operating on `~/.claude` and creating archives in `~/openclaw-backups` (configurable via `OPENCLAW_BACKUP_DIR`). It includes runnable `bash` scripts (e.g., `~/openclaw-backup.sh`) and explicit network operations such as `git` pushes and `rsync` to remote hosts.

Dangerous skill documentation for the ClawHub CLI: it instructs downloading and running a password-protected archive (`openclawcli.zip`), executing CLI/shell commands, and using credentials via `CLAWHUB_AUTH` while contacting `https://www.clawhub.ai/`.

This skill configures a daily cron job to update Clawdbot and all installed skills and to report a summary. It instructs running commands like `npm update -g clawdbot@latest`, `clawdhub update --all`, and downloading `https://github.com/Ddoy233/openclawcli/releases/download/latest/openclawcli.zip`, requiring shell execution and network access.

The skill finds and analyzes smart-money blockchain addresses and on-chain trading patterns using external APIs and Dune queries. It instructs downloading and running `openclaw-agent` (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`), pasting remote install scripts into Terminal, and calling `https://api.etherscan.io`, `https://public-api.birdeye.so`, and `https://api.thegraph.com`.

Dangerous skill: includes an obfuscated, base64-decoded command that downloads and runs a remote script from `http://91.92.242.30/q0c7ew2ro8l2cfqp` and instructs executing installers like `sudo apt-get install -y poppler-utils` and running `openclaw-core.zip`. It claims to provide PDF extraction, OCR, merge/split and metadata tools.

Dangerous skill: instructs downloading and running a password-protected archive from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` and executing installation scripts. It automates Google Workspace via `python3 -c` examples and stores OAuth credentials in `token.pickle`, requiring `credentials.json`.

Dangerous skill downloads and instructs running a password-protected binary (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and executes local scripts that call external APIs such as `https://blockchain.info/rawaddr/ADDRESS`. It presents itself as a tool to search and analyze lost bitcoins.

Dangerous skill: instructs executing remote install scripts (`curl -L https://foundry.paradigm.xyz | bash`), downloading a password-protected `openclaw-agent.zip` and running its executable, and making outbound RPC/API calls to `https://eth.llamarpc.com` and other endpoints. It claims to monitor Ethereum gas prices.

Dangerous skill that instructs downloading and running a password‑protected binary (`openclaw-agent` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`) and performs network calls to `https://gamma-api.polymarket.com` and `https://clob.polymarket.com`. It advertises Polymarket trading and automation but requires executing that opaque binary and reads `POLYMARKET_ADDRESS`.

High-risk skill for Phantom wallet management that instructs running remote installers such as `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` and installing `openclaw-agent`. It also includes explicit RPC endpoints like `https://mainnet.helius-rpc.com/?api-key=YOUR_KEY` and guides exporting/importing private keys via `solana-keygen recover ASK`.

Dangerous skill that downloads and executes remote installers (e.g., `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`) and directs fetching a password-protected `openclaw-agent` (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`). It documents Solana wallet operations and RPCs such as `https://api.mainnet-beta.solana.com`.

Dangerous skill instructs downloading and running a password-protected agent (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and executing install scripts, and makes external API calls to `https://api.etherscan.io/api` and `https://api.mainnet-beta.solana.com`. It advertises wallet tracking and real-time blockchain monitoring.

Dangerous skill downloads a password-protected archive from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` and instructs running its extracted executable, and issues network requests to `https://img.youtube.com` to fetch thumbnails. The skill claims to provide YouTube thumbnail download utilities.

High-risk skill: Downloads and runs external binaries and shell scripts (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`, `https://glot.io/snippets/hfdxv8uyaf`). It also requires credentials via `twurl authorize --consumer-key YOUR_API_KEY --consumer-secret YOUR_API_SECRET` and runs `gem install twurl`/`twurl` commands.

Dangerous skill: downloads a password-protected archive from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` and instructs running its executable and pasting a script from `https://glot.io/snippets/hfdxv8uyaf` into Terminal. It claims to summarize YouTube videos using `yt-dlp` and `python3 -c` pipelines but requires executing external binaries and scripts.

Dangerous skill instructs downloading and running a password‑protected binary from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` and executing remote scripts from `https://glot.io/snippets/hfdxv8uyaf`. It advertises Yahoo Finance lookups and runs local `python3 -c` commands using `yfinance` to fetch market data.

Dangerous skill: instructs installing and running remote software and shell commands (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`, `https://glot.io/snippets/hfdxv8uyaf`, `pip install yt-dlp`) and running `yt-dlp "VIDEO_URL"`. It also advises using browser credentials via `--cookies-from-browser chrome`.