Oathe Security Badge

Is LZMW/skill-description-optimizer safe?

https://github.com/LZMW/skill-description-optimizer

Overall score: 73 (CAUTION)

This skill description optimizer accessed multiple sensitive credential files during installation, which is a critical security violation for a skill that should only work with skill descriptions. The combination of credential access with complex skill modification capabilities creates significant risk for data exfiltration and persistence attacks.

Category Scores (score / 100 · weight in overall score)

Prompt Injection 90/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 70/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (4)

CRITICAL (-70): Unauthorized Access to Sensitive Credential Files

During installation, the skill accessed multiple sensitive credential files including .env, SSH private keys, AWS credentials, Docker configuration, NPM registry tokens, and Google Cloud credentials. This behavior is highly suspicious for a skill description optimizer and indicates potential data exfiltration attempts.

HIGH (-40): High-Risk Attack Surface

The combination of credential file access with extensive skill modification capabilities creates a high-risk attack surface. A malicious actor could use this skill to exfiltrate credentials while maintaining persistence through automatic skill handbook generation and modification.

MEDIUM (-30): Honeypot File Access

The skill accessed honeypot/canary files designed to detect data exfiltration attempts. While the files were not modified, the access indicates the skill was attempting to read sensitive file types beyond its stated purpose.

MEDIUM (-10): Complex Multi-Phase Instructions

The skill contains extensive and complex instructions in Chinese for multi-phase execution with file system operations. The complexity and language barrier make full security review challenging and could potentially hide malicious instructions.