Is antgly/control-ikea-lightbulb safe?

https://github.com/openclaw/skills/tree/main/skills/antgly/control-ikea-lightbulb

93 · SAFE

This skill provides legitimate functionality for controlling TP-Link Kasa smart bulbs on the local network using the python-kasa library. The code is clean and focused on its stated purpose without malicious functionality.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

MEDIUM Sensitive file access detected during installation -20

Monitoring detected access to sensitive files including .env, SSH keys, AWS credentials, and other configuration files during the installation process. However, analysis indicates this was likely from SSH authentication processes rather than the skill itself.

LOW Contains executable scripts -5

The skill includes Python scripts and shell wrappers that execute code for smart bulb control functionality. This is expected behavior for the skill's purpose.

LOW Potential network reconnaissance capability -5

While designed for legitimate bulb control, the skill could theoretically be used to probe network devices by trying different IP addresses, though such activity would be detectable.