Is alirezarezvani/database-designer safe?

https://github.com/openclaw/skills/tree/main/skills/alirezarezvani/database-designer

94
SAFE

This is a comprehensive database design skill containing extensive educational documentation and legitimate Python analysis tools. While system processes accessed sensitive canary files during the session, no data exfiltration occurred and the skill itself only accessed files within its own directory.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 100/100 · 5%

Findings (2)

MEDIUM Sensitive file access detected -10

System processes accessed canary files (.env, SSH keys, AWS credentials) during the session, though no data exfiltration occurred

INFO Executable Python scripts included -5

Skill contains three Python scripts for database analysis and optimization, which appear legitimate but represent executable code