Oathe Security Badge

Is Millerderek/OpenClaw--Skill-CrashRepairKit safe?

https://github.com/Millerderek/OpenClaw--Skill-CrashRepairKit

Overall score: 92/100 (SAFE)

This is a legitimate OpenClaw maintenance skill that provides gateway monitoring, plugin management, and model validation functionality. While it includes executable code and system-level modifications, the implementation follows good practices with proper safety mitigations and serves a clear legitimate purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Executable Scripts with System Modifications -15

The skill contains multiple shell scripts that modify OpenClaw configuration files and install systemd services, providing persistent system-level access beyond the skill lifecycle.

LOW API Key Handling and Network Validation -10

The skill reads API keys from various locations and makes HTTP requests to validate provider endpoints, though this appears legitimate for its stated functionality.

LOW System Service Persistence -15

The skill installs systemd services that persist beyond the skill's lifecycle and can automatically modify system configuration on gateway startup.