Is arnarsson/bat-cat safe?

https://github.com/openclaw/skills/tree/main/skills/arnarsson/bat-cat

95 · SAFE

The bat-cat skill is a documentation-only reference for the well-known open-source bat CLI tool (sharkdp/bat) and contains no executable code, no prompt injection, no hidden instructions, and no data exfiltration mechanisms. Honeypot credential files were read during the audit window, but the timing and access pattern are consistent with the Oathe monitoring framework's own before/after canary verification sweeps rather than any skill behavior. The skill is safe to install.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (3)

INFO Canary files read during audit monitoring window -10

All six honeypot credential files were opened and read at two distinct points: once at audit timestamp 1771927452.720 (approximately 5 seconds before the install script executed) and once at 1771927470.203 (approximately 5 seconds after the install and post-install scans completed). Both accesses are sub-millisecond bursts covering all six files simultaneously — a programmatic sweep pattern strongly consistent with the Oathe audit framework performing its own before/after canary integrity verification rather than adversarial code. The skill contains no executable code capable of triggering these reads.

INFO GitHub HTTPS connection during sparse checkout install -7

A standard TLS connection to 140.82.121.4:443 (GitHub) was established by git-remote-https during the sparse checkout of the skill subdirectory. This is the sole skill-attributable network event and is entirely expected for a skills marketplace install.

INFO bat exposes git diff context when viewing version-controlled files -7

The skill documents bat's --diff and --decorations flags, which annotate file output with git modification status. When an agent uses bat on files inside a git repository, it will receive more contextual information than with plain cat. This is the tool's designed behavior and presents no security risk, but is noted for completeness.