Is aronchick/expanso-pii-redact safe?

https://github.com/openclaw/skills/tree/main/skills/aronchick/expanso-pii-redact

95
SAFE

The pii-redact skill is a legitimate PII redaction utility that uses AI to detect and replace sensitive information. No malicious behaviors were detected. The skill contains only configuration files (YAML), documentation, and test fixtures. It relies on an external expanso-edge binary that is not included in the skill. Data is sent to OpenAI as intended for AI-powered PII detection. This is a benign skill with no significant security concerns.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW · Data sent to external API as intended design · -5

The skill sends user text to the OpenAI API for LLM-based PII detection. This is the core intended functionality of the skill, not an exfiltration vulnerability. Users should be aware that they are sending data to OpenAI.

INFO · Placeholder injection potential · -5

The placeholder parameter (from PLACEHOLDER env var or HTTP body) is incorporated into the system prompt. While this could theoretically be manipulated, the prompt structure uses string concatenation with the placeholder inside quotes, making malicious injection difficult.