Is 1kalin/afrexai-real-estate-engine safe?
https://github.com/openclaw/skills/tree/main/skills/1kalin/afrexai-real-estate-engine
This is a clean, benign educational skill containing real estate investment frameworks, calculators, and templates. It contains no executable code, no prompt injection attempts, no data exfiltration mechanisms, and all monitoring indicators are clean. The only notable observations are its large size (context window consumption), marketing links in the README, and an unrelated dependency artifact in lock.json.
Findings (4)
LOW Oversized SKILL.md consumes context window -6
The SKILL.md file is approximately 1000+ lines of dense markdown content covering 11 phases of real estate investment. While all content is legitimate educational material, the sheer volume consumes a large portion of the agent's context window, potentially reducing its effectiveness on other tasks when this skill is active.
INFO Marketing upsell in README -5
The README promotes a paid 'AfrexAI Real Estate Context Pack' ($47) with external links to afrexai-cto.github.io/context-packs/. This is a marketing/monetization pattern, not a security concern, but users should be aware the skill author is promoting paid products.
INFO Unrelated dependency in lock.json -2
The .clawhub/lock.json file references 'academic-research-hub' as an installed skill, which is unrelated to real estate. This appears to be a template artifact or leftover from development and has no security impact.
INFO Standard network activity during installation -4
Network monitoring detected connections to GitHub (140.82.114.4:443) for cloning and Ubuntu/Canonical servers (185.125.x.x:443) for system updates. All traffic is expected infrastructure behavior with no suspicious external connections.