Is aronchick/expanso-json-pretty safe?

https://github.com/openclaw/skills/tree/main/skills/aronchick/expanso-json-pretty

94
SAFE

This appears to be a legitimate JSON prettification tool built for the Expanso Edge platform. The skill defines its input/output processing pipelines in YAML configuration files and contains no executable code or obviously malicious behavior.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

MEDIUM HTTP server opens network port -15

The MCP pipeline configuration opens an HTTP server listening on 0.0.0.0:8080, which could be reached by other processes or network connections and used for unintended data access.

LOW External binary dependency -10

The skill requires the external 'expanso-edge' binary to be installed, introducing a dependency chain that could be compromised.