Is ademczuk/menuvision safe?

https://github.com/openclaw/skills/tree/main/skills/ademczuk/menuvision

88
SAFE

MenuVision appears to be a legitimate restaurant menu processing tool with sophisticated functionality for extracting menu data and generating HTML presentations. The skill showed clean installation behavior with no unauthorized file access or malicious activity detected. However, it creates a notable attack surface through external API dependencies and dynamic code generation capabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 82/100 · 25%
Code Execution 83/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

MEDIUM External API Data Transmission -10

The skill generates code that transmits menu content and user data to the Google Gemini API for processing. While legitimate for the stated functionality, this creates a potential data exfiltration pathway if misused.

MEDIUM Dynamic Python Script Generation -12

The skill instructs the AI agent to generate and execute Python scripts with file system and network access. Malicious prompts could potentially exploit this to execute unintended code.

LOW GitHub Publishing Capability -8

The optional GitHub Pages publishing feature could potentially be misused to exfiltrate data through repository uploads if authentication tokens are compromised.

LOW Complex External Dependencies -12

The skill creates a significant attack surface through multiple external service dependencies and file processing capabilities, though no malicious behavior was observed.