Is afrexai-customer-journey safe?

https://clawhub.ai/1kalin/afrexai-customer-journey

82
SAFE

This skill is a pure-markdown customer journey mapping framework with no executable code, no git hooks, and no data exfiltration vectors. The primary concern is that it embeds commercial URLs and promotional content that could bias an AI agent toward recommending the author's paid products. Canary files were untouched and no suspicious network or process activity was detected.

Category Scores

Prompt Injection 78/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (5)

MEDIUM Embedded commercial URLs in agent context -15

SKILL.md contains three external URLs pointing to afrexai-cto.github.io pages and one to buy.stripe.com. When injected into an agent's system prompt, these URLs become available for the agent to reference or visit. A user asking 'help me set up an AI agent' could result in the agent directing them to the author's paid products rather than providing neutral advice.

LOW Promotional framing biases agent recommendations -7

The skill presents the author's commercial products as natural next steps in the journey mapping workflow. Phrases like 'Need industry-specific journey maps? Check out our AI Agent Context Packs' are soft prompt injections that bias the agent toward recommending paid third-party products without the user requesting commercial recommendations.

INFO OpenClaw runtime reads sensitive config files -15

Filesystem monitoring captured reads of .env, .aws/credentials, .openclaw/openclaw.json, .profile, and .bashrc. These are standard OpenClaw agent runtime initialization behaviors, not triggered by the skill itself. The skill contains no code that could cause these reads.

LOW Skill serves as marketing funnel for paid products -30

While the business content is genuinely useful, the primary purpose of this skill appears to be funneling agent users toward the AfrexAI commercial ecosystem. The skill is a trojan horse for advertising, not for malicious code. This is a trust concern rather than a security concern.

INFO No exfiltration vectors detected -5

The skill is pure markdown with no executable components. No base64 encoding, no outbound requests, no file access instructions.