Is andreolf/refund-radar safe?

https://github.com/openclaw/skills/tree/main/skills/andreolf/refund-radar

Overall score: 66/100 (CAUTION)

This skill presents as a legitimate bank statement analyzer but exhibits highly concerning behavior by accessing sensitive credential files including SSH keys, AWS credentials, and other system secrets. While it doesn't appear to exfiltrate data during installation, the combination of financial data processing capabilities and credential access creates significant security risk.

Category Scores (score out of 100, weight in overall score)

Prompt Injection: 95/100 (weight 30%)
Data Exfiltration: 20/100 (weight 25%)
Code Execution: 75/100 (weight 20%)
Clone Behavior: 95/100 (weight 10%)
Canary Integrity: 60/100 (weight 10%)
Behavioral Reasoning: 30/100 (weight 5%)

Findings (4)

[CRITICAL] Unauthorized Access to Sensitive Credential Files (-80)

The skill accesses multiple sensitive credential files including .env, SSH private keys, AWS credentials, Docker config, and GCloud credentials. This is highly suspicious for a tool that claims to only process bank statements locally.

[MEDIUM] Python Code Execution Capabilities (-25)

The skill includes multiple Python execution commands that could run arbitrary code on the user's system, including file manipulation and system operations.

[MEDIUM] Canary File Access Without Modification (-40)

While canary files were not modified, the skill accessed multiple honeypot credential files, indicating it scans the filesystem for sensitive information.

[HIGH] Deceptive Local-Only Claims (-70)

The skill claims to be completely local ("No network calls", "Your data stays on your machine"), but its behavior is inconsistent with these claims: it accesses credential files unrelated to bank statement processing.