Is alexgusevski/dataforseo-cli safe?

https://github.com/openclaw/skills/tree/main/skills/alexgusevski/dataforseo-cli

Overall score: 85
Verdict: SAFE

This skill is a clean documentation wrapper for the dataforseo-cli npm package, containing no executable code, no prompt injection attempts, and no signs of malicious behavior during installation. The primary risk is the supply chain trust delegation: the skill instructs a global npm install of an external package whose contents are not auditable from the skill repository alone. Canary files were untouched and no suspicious network or process activity was detected.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection       90/100 · weight 30%
Data Exfiltration      85/100 · weight 25%
Code Execution         70/100 · weight 20%
Clone Behavior         95/100 · weight 10%
Canary Integrity      100/100 · weight 10%
Behavioral Reasoning   75/100 · weight  5%

Findings (7)

MEDIUM Global npm install of unaudited external package -25

The skill instructs the agent to run npm install -g dataforseo-cli, which fetches and installs a package from the npm registry globally. This executes any preinstall/postinstall scripts defined in the external package.json, which are not included in or auditable from this skill's repository. The actual runtime code lives entirely outside the audited skill.

LOW Plaintext credential storage on disk -10

The skill instructs storing DataForSEO API credentials (login/password or base64 token) in a plaintext JSON config file. While this is standard CLI tool behavior, it creates a target for credential theft by other skills or processes with filesystem access.

LOW Query cache preserves search history -5

All API queries are cached at ~/.config/dataforseo-cli/cache/, creating a persistent record of the user's SEO research topics, competitor domains analyzed, and keyword strategies. This could be read by other skills or processes.

LOW Instructs privileged global install operation -5

The skill asks the agent to perform a global npm install (-g flag), which modifies system-level directories and could require elevated permissions. This is a stronger action than a local install and affects the entire system rather than a project directory.

INFO Credential setup instructions in skill prompt -5

The skill includes instructions for the agent to configure API credentials, which means the agent may prompt the user for sensitive API keys and pass them through shell commands. While this is the intended workflow, it means credentials flow through the agent's context window.

INFO Supply chain trust delegation to npm registry -15

The skill repo contains zero executable code — all functionality is delegated to an npm package. The security of this skill is entirely dependent on the integrity of the dataforseo-cli npm package, its author's npm account, and npm's infrastructure. A package compromise would silently weaponize this skill.

INFO Minor external network connections during monitoring window -5

Connections to 104.16.9.34 (Cloudflare) and 54.211.197.216 (AWS) were observed. These addresses are consistent with npm registry infrastructure, but the connections occurred during the behavioral monitoring window and are therefore recorded here.