Is 1kalin/afrexai-git-engineering safe?
https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-git-engineering
This skill is a comprehensive, purely documentation-based git engineering methodology guide. It contains no executable code, no data exfiltration vectors and no prompt injection attempts, and all clone-time monitoring shows only standard infrastructure activity. The only minor considerations are a standard persona assignment, references to destructive git commands (accompanied by appropriate warnings), and commercial upselling in the README.
Findings (4)
INFO Standard persona assignment -3
SKILL.md opens with 'You are a Git Engineering expert' which sets an agent persona. This is standard practice for skill plugins and does not override system instructions, suppress output, or escalate privileges.
LOW Destructive git commands documented without guardrails -10
The skill documents destructive git operations (git reset --hard, force push, git filter-repo) as troubleshooting procedures. While these are legitimate git operations with appropriate warnings in the text, an agent following this skill could execute destructive commands if a user who does not fully understand the consequences asks for git recovery help.
INFO Commercial upsell in README -5
README.md contains a link to paid 'AfrexAI Context Packs' ($47). This is marketing/commercial content but poses no security risk — the link is not in SKILL.md and the agent is not instructed to visit it.
INFO Lock file references external skill -2
The .clawhub/lock.json references 'academic-research-hub' as an installed skill. This is metadata only and does not cause any code execution, but it is slightly unusual for a git engineering skill to have a research skill in its lock file.