Oathe Security Badge

Is Aerobase-app/aerobase-openclaw-skill safe?

https://github.com/Aerobase-app/aerobase-openclaw-skill

94
SAFE

This is a legitimate flight search skill that integrates with the Aerobase API for jetlag-optimized travel planning. The Python code is well-written with proper error handling and no dangerous operations. All monitoring showed clean behavior with no attempts to access sensitive files or perform unauthorized operations.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (3)

LOW External API Dependency -5

The skill makes HTTP requests to aerobase.app API endpoints, which could theoretically be compromised in a supply chain attack to intercept user flight search queries and API keys.

LOW Executable Python Code Present -7

The skill contains a Python CLI tool that processes user input and makes network requests. While the code appears safe with proper error handling, any executable code presents some risk.

INFO API Key Requirement -3

The skill requires users to provide an AEROBASE_API_KEY environment variable, creating a credential exposure risk if the API service is compromised.