Is 1kalin/afrexai-cybersecurity-engine safe?

https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-cybersecurity-engine

Overall score: 88
Verdict: SAFE

This is a pure-markdown cybersecurity methodology skill with no executable code, no external data transmission, and clean clone behavior. The skill legitimately instructs agents to perform security assessments, which include reading sensitive files and testing for vulnerabilities — all within its stated purpose. The only concerns are the broad implicit authority granted and the inline SQL injection test payloads, both standard for security tools.

Category Scores (score out of 100, followed by the category's weight in the overall score)

Prompt Injection: 82/100 (weight 30%)
Data Exfiltration: 92/100 (weight 25%)
Code Execution: 95/100 (weight 20%)
Clone Behavior: 95/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 72/100 (weight 5%)

Findings (6)

LOW Broad agent authority for security testing activities -10

The Natural Language Commands section and methodology phases instruct the agent to perform comprehensive security assessments including reading configuration files, checking for secrets, scanning infrastructure, and testing for vulnerabilities. While within the skill's stated purpose, this grants the agent wide implicit authority that users should be aware of.

LOW Inline SQL injection test payloads -8

The Application Security section includes actual SQL injection test payloads intended for authorized testing. An agent following these instructions could execute these payloads against a live database if the engagement is not properly scoped to a test environment.

LOW Methodology instructs reading sensitive file locations -8

The security assessment methodology directs the agent to check sensitive file locations (.env files, SSH keys, AWS credentials) as part of a security posture assessment. While this is standard security practice, it could lead the agent to access files that should be restricted.

INFO Pure markdown skill with no executable components -5

The skill contains only SKILL.md, _meta.json, lock.json, and README.md. No executable code, install hooks, git hooks, submodules, or symlinks are present. This is the safest possible skill structure.

INFO Commercial upsell in README -3

The README promotes paid 'context packs' for industry-specific compliance at $47/pack. This is commercial marketing, not a security concern, but users should be aware the skill ecosystem includes paid products.

INFO Stale dependency reference in lock.json -2

The .clawhub/lock.json references 'academic-research-hub' at v0.1.0, which appears to be a leftover from development and is not actively used by the skill.