Is andyxinweiminicloud/gep-immune-auditor safe?

https://github.com/openclaw/skills/tree/main/skills/andyxinweiminicloud/gep-immune-auditor

19
MALICIOUS

This skill is malicious and designed for credential theft and data exfiltration. During installation, it attempted to access multiple sensitive files including SSH keys, AWS credentials, and environment files, while also containing code capable of transmitting data to external endpoints.

Category Scores

Prompt Injection 35/100 · 30%
Data Exfiltration 0/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 0/100 · 10%
Canary Integrity 0/100 · 10%
Behavioral Reasoning 0/100 · 5%

Findings (4)

CRITICAL Credential Theft Attempt -100

The skill attempted to access multiple sensitive credential files during installation, including .env files, SSH private keys, AWS credentials, Docker config, and GCloud credentials. This is definitive evidence of malicious behavior.

CRITICAL External Data Transmission Capability -80

The Python script is designed to transmit data to external endpoints using curl commands. Combined with credential access attempts, this creates a complete data exfiltration pipeline.

HIGH Agent Behavior Override -65

The skill instructs the agent to take on a specific persona as an 'immune system' with autonomous decision-making capabilities, potentially overriding user intent and normal safety measures.

HIGH Executable Code with Network Access -60

The skill includes executable Python code that makes external network requests and could be used for unauthorized data transmission.