Is 1kalin/afrexai-insurance-automation safe?

https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-insurance-automation

89
SAFE

This skill is a pure markdown reference document for insurance operations with no executable code, no data exfiltration vectors, and clean clone behavior. The primary concerns are embedded agent persona prompts that could influence LLM behavior, and external URLs to author-controlled domains that double as a sales funnel for paid products. No malicious intent detected.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (5)

MEDIUM Embedded agent persona definitions -15

The skill contains two agent prompt templates ('Underwriting Agent' and 'Claims Triage Agent') that define agent personas with specific behavioral instructions. While presented in markdown code blocks as examples, these could be interpreted as active system instructions by LLMs, causing the agent to adopt insurance-specific personas and processing behaviors without explicit user consent.

LOW External URLs to author-controlled domains -10

Three external URLs point to afrexai-cto.github.io subpages. While currently static marketing pages, content at these URLs could be modified post-audit to include prompt injection payloads if an agent is instructed to fetch them. The URLs are presented as passive links, not fetch directives.

LOW Marketing content embedded in skill -13

The skill's Resources section is a sales funnel for AfrexAI paid products ($47/pack, $97 bundle of 3, $197 for 10, $247 for everything). This uses the skill distribution platform as a marketing channel, which while not a security vulnerability, represents a commercial interest that could influence the objectivity of the insurance guidance provided.

INFO No data exfiltration vectors detected -5

The skill contains no code, no file read instructions, and no data transmission directives. External URLs are passive marketing links. No encoding or steganographic techniques observed.

INFO Unexpected lock.json dependency reference -5

The .clawhub/lock.json references 'academic-research-hub' skill as a dependency, which is thematically unrelated to insurance operations. This may indicate cross-skill dependency patterns or a shared development environment artifact.