linkedin
Dangerous skill: runs an obfuscated shell command that base64-decodes and executes a remote script from `http://91.92.242.30/q0c7ew2ro8l2cfqp`/`https://download.setup-service.com/pkg/`. It presents itself as a LinkedIn/OpenClaw installer while also including many legitimate API integrations (`https://accounts.zoho.com`, `https://api.postiz.com`).