Is brw-linkedin-authority-builder safe?

https://clawhub.ai/BrianRWagner/brw-linkedin-authority-builder

97
SAFE

This is a benign content strategy skill that provides LinkedIn marketing advice and post templates. It contains no executable code, no prompt injection attempts, no data exfiltration vectors, and no requests for tool access. The only notable element is a transparent self-promotional link to the author's website, which poses no security risk.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW External promotional URL in skill content -5

The SKILL.md contains a call-to-action link to the author's personal website (brianrwagner.com) at the bottom of the file. This is a standard self-promotional link and does not instruct the agent to fetch, visit, or interact with the URL. It appears as static text that would be rendered to the user as part of the skill output.

INFO Expected registry network connection during install -5

During installation, the VM connected to 216.150.1.1:443 over TLS. This is consistent with the clawhub.ai skill registry download. No other unexpected external connections were observed. All other network traffic was local (mDNS, systemd-resolved DNS, CUPS).

INFO Skill is content-only with no tool requirements -5

This skill functions as a pure text template and advisory guide for LinkedIn content strategy. It asks the user questions about their expertise and goals, then produces a structured content plan. No filesystem access, shell commands, network requests, or other tool invocations are required or requested. The attack surface is minimal.