Is 1kalin/afrexai-knowledge-management safe?
https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-knowledge-management
This skill is a pure methodology document providing knowledge management frameworks, templates, and assessment rubrics. It contains no executable code, no external URL fetch instructions, no data exfiltration vectors, and no prompt injection patterns. All monitoring signals (network, filesystem, process, canary) are clean. The only notable aspects are its large size (~700 lines consuming agent context), marketing links to paid products in the README, and an unexplained dependency on another skill.
Findings (4)
LOW Marketing upsell in README -5
README.md promotes paid 'AfrexAI Context Packs' at $47 with links to external storefront (afrexai-cto.github.io/context-packs/). The free skill appears to serve as a lead generation tool. This is a commercial pattern, not a security concern.
INFO Large context consumption -5
SKILL.md is approximately 700+ lines of methodology content. While all content is benign, the large size consumes significant agent context window space, potentially reducing capacity for other tasks or instructions.
INFO Unexplained skill dependency in lock.json -5
The .clawhub/lock.json file references a dependency on 'academic-research-hub' v0.1.0, but there is no obvious reason a knowledge management skill would depend on an academic research skill. No malicious behavior was observed from this dependency.
INFO Interview template discusses credentials -2
The Knowledge Extraction Interview Guide includes the question 'What tools, credentials, or access do you need?' This is appropriate in the context of documenting human workflows but could theoretically normalize credential discussion in agent conversations. Risk is negligible.