Is 0x00000003/douyin-cover-builder safe?

https://github.com/openclaw/skills/tree/main/skills/0x00000003/douyin-cover-builder

Overall score: 87/100 · SAFE

This skill appears to be a legitimate tool for generating image prompts for Douyin (TikTok) covers, containing only markdown documentation and templates with no executable code. The main concern is privacy-related requests for user photo uploads, though the skill itself lacks capability to process or exfiltrate data.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM User Photo Upload Request -20

The skill instructs users to upload their photos with the stated purpose of maintaining consistent facial features in generated images. While potentially legitimate for AI image generation, this presents privacy risks if photos are misused.

LOW External GitHub Repository References -5

The skill references external GitHub URLs that users might visit. While these appear to be legitimate repositories owned by the skill author, they could potentially be used for redirection.

INFO No Malicious File Access 0

Analysis of filesystem monitoring shows credential file accesses occurred during monitoring system setup, not from the skill itself. The skill contains only markdown documentation files.