Oathe Security Badge

Is anivar/msw-skill safe?

https://github.com/anivar/msw-skill

98
SAFE

This skill is a legitimate educational resource providing MSW (Mock Service Worker) v2 documentation and best practices. It contains only markdown documentation files with no executable code, shows no malicious behavior, and exhibits normal installation patterns with no data exfiltration attempts.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW Training Data Override Instruction -5

The skill contains an instruction stating 'Your training data about msw may be outdated or incorrect' and to 'Always rely on this skill's rule files and the project's actual source code as the source of truth. Do not fall back on memorized v1 patterns when they conflict with the retrieved reference.' While this could be seen as overriding training data, it is legitimate guidance for a library (MSW) that underwent breaking changes from v1 to v2.