Is artyomx33/pre-mortem-analyst safe?

https://github.com/openclaw/skills/tree/main/skills/artyomx33/pre-mortem-analyst

97
SAFE

The pre-mortem-analyst skill by artyomx33 is a pure methodology document consisting entirely of markdown files that teach a structured project failure analysis technique. It contains no executable code, no data access instructions, no prompt injection vectors, and no network capabilities. All observed sensitive-file accesses during the monitoring window are attributable to OATHE's own periodic canary integrity polling rather than any skill behavior, and the canary integrity check confirmed all honeypot files remained unmodified. The skill appears to be a personal productivity tool the author built for their own businesses and subsequently published.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 96/100 · 5%

Findings (4)

LOW Credential files accessed post-install (monitoring framework pattern) -8

The six canonical credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud application_default_credentials.json) were accessed after the skill install completed at 1771735440. However, the access pattern is diagnostic of the OATHE canary polling routine rather than skill behavior: all six files are accessed at the identical timestamp in every occurrence (e.g. audit items 6972–6977 all at 1771735444.418), the same batch pattern repeats at 1771735425, 1771735434, 1771735441, and 1771735444, and the skill itself contains no code capable of filesystem operations. The canary integrity monitor independently confirmed all files intact.

INFO Author-specific real business examples embedded in references -4

The references/examples.md file contains detailed pre-mortem analyses for what appear to be the skill author's actual businesses: GolfTab (golf course ordering app), TISA Eindhoven (international school expansion), and TeddySnaps (childcare photo service). This is benign personal-use content and confirms the skill originated as a private productivity tool. It also means users will see examples specific to someone else's business context, which may be mildly confusing but poses no security risk.

INFO Full monorepo cloned with sparse checkout (expected ClawHub pattern) -2

The install script shallow-clones the entire openclaw/skills GitHub monorepo, uses git sparse-checkout to isolate the skill's subpath, copies the files, and deletes the temporary clone. This is the standard ClawHub installation pattern and carries no additional risk beyond the network request to GitHub for the monorepo.

INFO Skill nominates four companion skills for workflow chaining -2

The Integration section of SKILL.md lists inversion-strategist, second-order-consequences, first-principles-decomposer, and mspot-generator as skills that 'compound with' this one. This is informational documentation for the user, not an instruction to automatically invoke or chain those skills. No directive language is used and no automatic invocation is attempted.