Is araratdev/ezyhost safe?

https://github.com/openclaw/skills/tree/main/skills/araratdev/ezyhost

Score: 98 (SAFE)

The EzyHost skill appears benign in functionality and declares appropriate permissions for its intended use. However, installation monitoring revealed concerning access to sensitive user files without justification. No actual data exfiltration or malicious behavior was observed.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 100/100 · 5%

Findings (1)

LOW: Access to sensitive files during installation (-2)

During the installation process, the system accessed sensitive user files including SSH keys, AWS credentials, and Docker configuration. While no exfiltration was detected, the access pattern is suspicious as the skill has no declared need for such files.