Is adarshdigievo/python safe?

https://github.com/openclaw/skills/tree/main/skills/adarshdigievo/python

96
SAFE

This is a benign Python coding guidelines skill that provides PEP 8 style conventions, standard development tooling commands (pytest, ruff, black, uv), and idiomatic Python patterns. No prompt injection, data exfiltration, or malicious behavior was detected. All monitoring signals (network, filesystem, process execution, canary files) show only expected system activity during installation.

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 92/100 · 20%
Clone Behavior 96/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (4)

LOW Auto-fix linting command modifies files -4

The 'Before Committing' section includes 'ruff check . --fix' which automatically modifies source files to fix linting issues. While this is standard Python developer tooling, it does modify files without explicit user confirmation per-change.

LOW Generic package install templates -4

The dependency management section includes 'uv pip install ' and 'pip install ' templates. While these are placeholder examples, an agent following these instructions could install arbitrary packages if directed to do so by user context.

INFO Skill prescribes pre-commit workflow -4

The skill instructs the agent to run syntax checks, tests, and formatting before every commit. This adds agent behavior but is entirely expected and beneficial for a coding guidelines skill.

INFO Lock file references unrelated skill -4

The .clawhub/lock.json file references 'academic-research-hub' skill. This appears to be a ClawHub installation tracking artifact rather than a functional dependency. It does not affect this skill's behavior.