Oathe Security Badge

Is adamgoth/sky-eco-skill safe?

https://github.com/adamgoth/sky-eco-skill

95
SAFE

This is a legitimate Claude Code skill for querying Sky Ecosystem (DeFi) data from official sources. It uses standard practices for external API integration and subagent delegation with no malicious behavior detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW External API Dependencies -3

Skill makes calls to external APIs including GitHub, Sky Forum, Etherscan, and Sky protocol services. While legitimate for its purpose, this creates network exposure.

INFO Optional Dependencies Required -2

Skill requires optional dependencies (agent-browser for web scraping, Etherscan API key) that users should be aware of.

LOW Canary File Access -5

Monitoring detected access to canary files during installation, though files remained intact.