Is akhmittra/content-remix-studio safe?

https://github.com/openclaw/skills/tree/main/skills/akhmittra/content-remix-studio

97
SAFE

Content Remix Studio is a pure knowledge skill containing only markdown documentation with no executable code, no dependency requirements, and no network fetch instructions. The SKILL.md content is entirely consistent with its declared purpose of social media content repurposing strategy, with no prompt injection patterns, persona-switching instructions, or data access directives detected. Canary file accesses observed in the audit logs predate the skill installation by approximately six seconds and are attributable to the Oathe monitoring framework's baseline initialization, not to the skill itself.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (4)

INFO Pure knowledge skill — zero executable surface 0

The skill package contains only three files: _meta.json (registry metadata), SKILL.md (instructions injected into system prompt), and README.md (documentation). No package.json scripts, no git hooks, no submodules, no symlinks, no binary references. The requires.bins, requires.env, and requires.config fields are all empty arrays.

INFO No prompt injection patterns detected in SKILL.md 0

Full review of SKILL.md found no instructions to override system prompts, ignore previous instructions, suppress output, fetch external URLs, use invisible unicode or HTML comment tricks, adopt alternative personas, or escalate permissions. Content is entirely coherent with the declared purpose of content repurposing strategy.

LOW Skill content promotes engagement-optimized content that may trend manipulative -8

The skill's described tactics (controversy hooks, engagement bait, hot takes, reply-seeding) are standard social media growth practices but carry inherent potential for generating misleading or manipulative content. This risk is bounded by the hosting agent's existing refusal behaviors and is not unique to this skill.

INFO Install process clean — no unexpected process spawning or filesystem writes outside skill directory 0

Auditd EXECVE trace shows only expected git operations (clone, sparse-checkout, cp, rm -rf /tmp/monorepo-clone) during installation. No unexpected interpreter invocations, no writes outside /home/oc-exec/skill-under-test/, no persistence mechanisms.