Oathe Security Badge

Is alfonso46674/openclaw-sage safe?

https://clawhub.ai/alfonso46674/openclaw-sage

92
SAFE

This is a legitimate documentation helper skill for OpenClaw that fetches and searches documentation from docs.openclaw.ai. The skill contains necessary shell scripts and Python code for its documentation processing functionality. No evidence of malicious behavior, prompt injection, or data exfiltration was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW External HTTP requests to documentation site -10

The skill makes HTTP requests to docs.openclaw.ai to fetch documentation content, which is its intended purpose but represents network activity.

LOW Shell script execution for documentation operations -10

The skill contains multiple bash scripts that execute system commands like curl, grep, and awk for documentation processing. This is necessary for functionality but carries inherent execution risks.

INFO Python script for text search functionality -5

Includes bm25_search.py for BM25-ranked full-text search over documentation. The code appears benign and focused on text processing.