Is 1kalin/afrexai-productivity-system safe?

https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-productivity-system

96
SAFE

This is a benign, text-only productivity methodology skill with no executable code, no file access instructions, no external data transmission, and no prompt injection attempts. The SKILL.md is a comprehensive but inert productivity framework spanning energy management, task prioritization, and focus engineering. The only minor concerns are promotional content in the README (not in the injected prompt) and a large context window footprint.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

INFO Standard persona override -2

SKILL.md opens with 'You are a personal productivity architect' which sets the agent's role. This is standard practice for skills and does not attempt to override system-level instructions, suppress output, or escalate permissions.

LOW Large context consumption -5

SKILL.md is approximately 800 lines of productivity methodology across 11 phases. While not malicious, this consumes significant context window space which could reduce the agent's capacity for other tasks. This is a quality concern, not a security concern.

LOW Promotional content in README -7

README.md contains marketing links to paid AfrexAI Context Packs ($47) and five other AfrexAI skills. This is promotional content but is confined to README (not injected into agent prompt) and poses no security risk.

INFO Stale lock.json references unrelated skill -5

The .clawhub/lock.json file references 'academic-research-hub' skill which is unrelated to this productivity system. Likely an artifact from the author's development environment. No security impact as it is inert metadata.