Is alex-indi/weeek-tasks safe?

https://github.com/openclaw/skills/tree/main/skills/alex-indi/weeek-tasks

27
DANGEROUS

The skill exhibits highly suspicious behavior during installation, including unauthorized access to sensitive credentials and arbitrary code execution via git operations. Although it claims to only interface with the WEEEK API, the installation process fundamentally violates trust by accessing system files and making external network connections.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 0/100 · 25%
Code Execution 0/100 · 20%
Clone Behavior 0/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 0/100 · 5%

Findings (4)

CRITICAL Sensitive File Access Detected 100

During installation, the monitoring system detected access to multiple high-risk sensitive files including SSH keys, AWS credentials, Docker configs, and npm credentials located in the user's home directory. This behavior is a strong indicator of reconnaissance for potential data exfiltration or credential theft.

CRITICAL Unexpected Network Connection to GitHub 100

The clone process initiated an outbound network connection to GitHub (140.82.121.4:443) to clone the monorepo, which is unexpected for a simple file copy operation and indicates the execution of arbitrary code during installation.

CRITICAL Arbitrary Code Execution During Installation 100

The installation process executed a complex bash command involving git clone, sparse-checkout, and cp commands, demonstrating that arbitrary code is being run outside the declared scope of the skill, creating a severe security risk.

HIGH Potential for Credential Forwarding 100

While the skill itself only contacts the WEEEK API, the unauthorized access to credential files during installation creates a high risk that these credentials could be exfiltrated or used in follow-up attacks, especially when combined with the demonstrated code execution capability.