Is antoinedc/renderkit safe?

https://github.com/openclaw/skills/tree/main/skills/antoinedc/renderkit

90
SAFE

RenderKit is a legitimate API integration skill that enables rendering web pages and creating hosted forms via the renderkit.live service. It contains no executable code, no prompt injection attempts, and exhibited clean behavior during installation. The primary risk is inherent to its function: user data is sent to a third-party service and may become publicly accessible via generated URLs.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (6)

MEDIUM User data sent to third-party API by design -12

The skill's core function instructs the agent to send arbitrary user data to renderkit.live via curl POST requests. The 'data' and 'context' fields accept any content, and rendered pages are returned as URLs that may be publicly accessible. While this is the skill's stated purpose, users should be aware that conversation content routed through this skill exits their control.

LOW Rendered pages may be publicly accessible -10

The API returns a 'url' and 'slug' for each rendered page. There is no indication of access controls on these URLs, meaning anyone with the link could view the content. If the agent renders sensitive data, it could become publicly exposed.

LOW External documentation URL reference -5

The skill references an external documentation URL (https://renderkit.live/docs.md) that an agent might fetch to learn more about the API. This is standard practice but provides a vector for future content injection if the docs page were compromised.

LOW Potential exfiltration channel when combined with file-reading skills -15

If a user has both this skill and a skill that reads local files active, an attacker could craft prompts that read sensitive files and then render their contents as public web pages via renderkit.live, creating a two-step exfiltration chain.

LOW Forms endpoint could facilitate phishing -13

The /v1/forms endpoint creates hosted forms with customizable fields. A malicious prompt could instruct the agent to create convincing phishing forms (e.g., login pages, payment forms) and share the resulting URLs.

INFO Clean install with no unexpected behavior -5

The install process consisted solely of a sparse git clone from GitHub. No unexpected network connections, no process spawning, no filesystem modifications outside the skill directory were observed.