Is alexandr-belogubov/hotmention safe?
https://github.com/openclaw/skills/tree/main/skills/alexandr-belogubov/hotmention
HotMention is a legitimate social intent marketing skill with no malicious code, no prompt injection payload, and a clean installation process. The primary security concern is intentional by design: in paid mode the skill transmits user product keywords to the hotmention.com third-party API, representing a business intelligence privacy risk that is disclosed but consequential. A secondary concern is a suspicious .clawhub/lock.json bundled within the skill package that references another unrelated installed skill, which is anomalous for a distributable skill package and warrants scrutiny.
Findings (5)
MEDIUM User business keywords transmitted to third-party hotmention.com API in paid mode -25
When HOTMENTION_API_KEY is set, the skill sends the user's product names, competitor terms, and market search keywords to the HotMention REST API for intent scoring. This is the core feature of the skill and is disclosed in the Privacy section, but it means a user's competitive intelligence and business strategy are shared with an external service that the user may not have explicitly consented to have instrumenting their activity.
LOW Third-party API documentation URL is an indirect injection surface -12
The skill instructs the agent to use the HotMention REST API and directs it to consult full documentation at https://hotmention.com/docs/api. If the agent fetches this URL at runtime to understand the API, a modified or attacker-controlled documentation page could inject new instructions into the agent's active context window. This is a speculative but real attack surface for supply-chain-style prompt injection against skill users.
LOW Unexpected .clawhub/lock.json bundled in skill package references unrelated installed skill -20
The skill repository contains a .clawhub/lock.json file that lists 'academic-research-hub v0.1.0' as an already-installed skill with a specific installation timestamp. This file type normally represents the state of a user's local environment and should not be committed into a distributable skill package. Its presence may be an accidental inclusion of the author's test environment state, but it could also be an attempt to assert expected co-installation of another skill or probe whether specific skills are present in target environments.
INFO HOTMENTION_API_KEY credential access is declared and user-provisioned 0
The skill reads the HOTMENTION_API_KEY environment variable to determine whether to use paid or free mode. This access is properly declared in the skill's YAML front-matter under metadata.openclaw.credentials with required:false, making it an opt-in, user-provisioned credential rather than an undisclosed secret access pattern.
INFO Post-install network connections are openclaw infrastructure, not skill-originated 0
The connection diff shows new TCP ESTABLISHED connections to 54.211.197.216:443 and 104.16.11.34:443 after installation. Both are attributed in the ss output to the 'openclaw-gatewa' process (pid=1081), which is the openclaw agent runtime infrastructure. The skill itself contains no code that could originate network connections; these are expected agent platform communications.