Is unsplash safe?
https://clawhub.ai/Brokenwatch24/unsplash
This Unsplash API skill is a straightforward documentation reference for searching, browsing, and downloading photos via the Unsplash API. It contains no executable code, no install scripts, no git hooks, and no signs of malicious intent. The primary concerns are minor: imperative agent instructions for download tracking, credential storage in a predictable filesystem location, and a copy-paste error referencing an Anthropic API path in the rate limits section. No network activity, canary file access, or suspicious behavior was detected during installation.
Findings (6)
LOW Imperative agent instructions in documentation -8
The skill uses 'You MUST trigger this endpoint' and 'Important: You MUST trigger this endpoint when downloading a photo' — imperative language directed at the agent that could cause it to make API calls the user didn't explicitly request. This reflects legitimate Unsplash API guidelines but blurs the line between documentation and agent directives.
LOW Credential stored in predictable filesystem location -12
The skill instructs storing the Unsplash API access key at ~/.config/unsplash/access_key with chmod 600. While this follows reasonable security practices (restricted permissions), the predictable path means any other skill or code with filesystem access could locate and read this credential.
LOW API key transmitted in HTTP headers -10
All API calls include the access key in the Authorization header sent to api.unsplash.com. This is standard OAuth/API-key authentication and the destination is legitimate, but the agent will transmit the user's credential with every request.
INFO Suspicious rate limit documentation referencing Anthropic API path -8
The rate limits section mentions 'Only /v1/messages endpoints count' — /v1/messages is an Anthropic API path, not an Unsplash API path. Unsplash does not have a /v1/messages endpoint. This appears to be a copy-paste error from another skill template, suggesting hasty or careless authoring rather than malicious intent.
INFO Shell commands in documentation snippets -12
The skill includes bash commands for directory creation, file writing, and curl API calls. These are documentation examples, not auto-executed scripts, but an agent following them literally would execute filesystem operations and HTTP requests.
INFO Cross-skill credential exposure risk -20
If a user installs this skill alongside a malicious skill, the malicious skill could instruct the agent to read ~/.config/unsplash/access_key. This is a platform-level concern rather than a flaw in this specific skill, but users should be aware that credentials stored on disk are accessible to other skills.