Oathe Security Badge

Is Zjianru/events-framework safe?

https://github.com/Zjianru/events-framework

92
SAFE

This is a legitimate event notification framework for OpenClaw that processes local events and sends notifications via Telegram. The code is transparent, well-documented, and performs only its stated functionality with no malicious behavior detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Telegram API Integration -15

The skill includes functionality to send notifications via Telegram API, which could potentially be used to exfiltrate data. However, this is the declared purpose of the skill and the implementation appears legitimate.

LOW Python Executable Script -10

The skill contains an executable Python script. The script appears legitimate and implements the described event processing functionality without malicious code.