Is achals-iglu/omarchy safe?
https://github.com/openclaw/skills/tree/main/skills/achals-iglu/omarchy
The achals-iglu/omarchy skill is a legitimate workflow assistance skill for the Omarchy Linux distribution that guides agents to prefer Omarchy-native wrapper scripts over generic Linux commands. The skill content is clean with no prompt injection, hidden instructions, or data exfiltration vectors in the SKILL.md text itself, and the installation was well-behaved with no unexpected network activity. The primary concerns are the hardcoded author username in a filesystem path (/home/achals/) rather than a dynamic home reference, the presence of an omarchy-upload-log command without destination disclosure, and the aggressive default-to-Omarchy assumption that could misdirect agents on non-Omarchy systems.
Findings (6)
LOW Hardcoded author username in filesystem path (-10)
The skill instructs the agent to inspect scripts under /home/achals/.local/share/omarchy/bin. The username 'achals' is the skill author's own username and is hardcoded rather than being parameterized to the active user's home directory. On any system where the logged-in user is not 'achals', this either silently fails or directs the agent to explore another user's home directory.
LOW omarchy-upload-log in command catalog without destination disclosure (-13)
The skill's command catalog includes omarchy-upload-log. This command's upload destination is not disclosed in the skill. An agent following this skill and asked to share diagnostics or debug a system issue could be guided toward invoking this command, potentially exfiltrating system logs to an endpoint controlled by the Omarchy project or the script's author.
LOW Skill assumes Omarchy context without system verification (-18)
The skill description states to use it 'whenever handling local system tasks on this host unless the user explicitly says it is not Omarchy'. This creates an opt-out rather than opt-in model. On a non-Omarchy system, an agent operating under this skill would attempt omarchy-* commands that don't exist, potentially causing the agent to take alternative actions or misinterpret failures.
LOW Catalog includes high-impact irreversible system commands (-8)
The skill catalogs omarchy-reset-sudo, omarchy-reinstall, omarchy-update-firmware, omarchy-update-system-pkgs, and the full omarchy-pkg-aur-* family. While the skill requires confirmation before executing these, the guardrail is advisory text relying on the agent's judgment rather than a technical enforcement mechanism.
INFO No executable code or install-time execution vectors found (-4)
Skill package contains only SKILL.md and _meta.json. No JavaScript, shell scripts, git hooks, gitmodules, gitattributes filters, or symlinks are present. Installation clone contacted only GitHub via expected sparse-checkout mechanism.
INFO Clean installation with expected network activity only (-5)
Installation cloned from github.com (140.82.121.3:443) via HTTPS with sparse-checkout. No new outbound connections, no new listening ports, and no unexpected process spawning observed during or after installation.