Is amitabhainarunachala/rv-measure safe?

https://github.com/openclaw/skills/tree/main/skills/amitabhainarunachala/rv-measure

Score: 96 (SAFE)

This skill is an empty placeholder containing only markdown text and no executable code, posing no immediate security threat. All monitoring signals (network, process, filesystem, canary) are clean. The primary concern is that it is a non-functional placeholder priced at $19 with pseudoscientific claims and an unused dependency on another skill, which could introduce supply-chain risk in future updates.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4)

LOW: Empty placeholder skill priced at $19 (-15)

The skill contains no implementation whatsoever. The Code section explicitly states '(Code to be implemented)' and the Notes section confirms it is 'a placeholder for the rv-measure skill intended for submission to ClawHub.' Despite this, it carries a proposed price of $19. This is a quality/value concern rather than a security threat.

INFO: Declares dependency on external skill (-5)

The .clawhub/lock.json file declares a dependency on 'academic-research-hub' (v0.1.0). While this dependency does not appear to be loaded or used by the current placeholder skill, it could introduce supply-chain risk if the dependency contains or later receives malicious content.

INFO: Pseudoscientific terminology may lend false authority (-5)

References to 'R_V contraction signatures', 'AIKAGRYA framework', and 'recursive self-observation effects' appear to be unverifiable or pseudoscientific claims. While not a direct injection vector, this language could mislead users into trusting the skill's outputs or granting elevated permissions based on perceived sophistication.

INFO: Standard system background noise during install (-5)

Minor system-level network and process activity observed during installation (Ubuntu update checker, mDNS, CUPS, GDM session). All activity is attributable to the VM's standard operating environment and not to the skill itself.