Is aprilox/clawstats safe?

https://github.com/openclaw/skills/tree/main/skills/aprilox/clawstats

95
SAFE

This skill appears to be a legitimate system monitoring tool that provides standard system statistics including CPU usage, RAM usage, disk usage, temperature, and top processes. The bash script uses only standard system utilities and shows no signs of malicious behavior, data exfiltration, or prompt injection.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Bash script execution required -15

The skill includes a bash script that will be executed to perform system monitoring. While the script uses only standard system utilities (top, free, df, ps, sensors, uptime) and appears legitimate, any executable code presents inherent risk.

LOW System reconnaissance potential -10

The skill provides system monitoring information that could be useful for reconnaissance, including process names, CPU/memory usage patterns, and disk usage statistics. While this is standard monitoring data, it could provide environmental awareness to malicious actors.