Is alltomatos/aetup-automatik safe?

https://github.com/openclaw/skills/tree/main/skills/alltomatos/aetup-automatik

73
CAUTION

This VPS management skill contains legitimate functionality but poses significant security risks due to its extensive system-level code execution capabilities and privileged access requirements. The 15,000+ line bash script creates a large attack surface that is difficult to fully audit for malicious code.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (5)

HIGH Extensive System-Level Code Execution -60

The skill includes SetupOrion.sh, a 15,000+ line bash script designed to install Docker containers, modify system configurations, and execute privileged operations on VPS systems. The script's complexity makes comprehensive security auditing extremely difficult.

MEDIUM Privileged System Access Requirements -40

The skill requires SSH access or 'OpenClaw Node Pairing' to execute commands directly on user VPS systems, creating significant attack surface for privilege escalation or unauthorized system modification.

MEDIUM Supply Chain Attack Vector -30

The skill's functionality of installing multiple third-party applications and Docker containers could serve as a vector for supply chain attacks or the introduction of compromised software components.

LOW Sensitive File Access During Installation -25

Monitoring detected access to sensitive files including SSH keys, AWS credentials, and Docker configuration during the skill installation timeframe, though this may be from system processes rather than the skill directly.

LOW Potentially Risky Agent Instructions -15

While not classic prompt injection, the skill provides instructions for agents to execute potentially dangerous system-level operations that could be misinterpreted or abused.