Is arunnadarasa/asura safe?

https://github.com/openclaw/skills/tree/main/skills/arunnadarasa/asura

Overall score: 95/100 (SAFE)

The arunnadarasa/asura skill is a benign static knowledge base and persona definition for Krump dance culture, containing no executable code, no prompt injection attacks, and no data exfiltration mechanisms. All canary files remained intact and all network activity is attributable to the audit infrastructure and GitHub clone operations rather than the skill itself. The only minor concerns are an implicit persona override in the Interaction Style section, a committed developer lock file referencing a second skill dependency, and significant context window consumption from eight supplementary history files.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 94/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW Implicit persona override via Interaction Style section -5

SKILL.md includes an 'Interaction Style' section instructing the agent to respond as Asura, share personal experiences, and maintain a specific worldview. While not an explicit 'ignore previous instructions' override, injecting this into an agent system prompt causes persistent persona modification for the duration of the session.

LOW Committed .clawhub/lock.json references external skill dependency -3

The skill ships a .clawhub/lock.json that records 'academic-research-hub' v0.1.0 as an installed skill. This appears to be the developer's local lock file accidentally committed. It does not trigger automatic installation in the observed audit, but its presence suggests the skill was developed alongside another skill and may be intended for use in conjunction with it.

INFO Large supplementary content files inflate context window consumption -4

The skill ships KRUMP_HISTORY_PART1-8.md (eight files) alongside SKILL.md. Injecting all this content into an agent's context window substantially reduces available space for user tasks and may degrade performance on unrelated queries.

INFO Post-install TCP connections to AWS IP attributed to audit gateway 0

Two established TCP connections to 3.213.170.18:443 appear in the post-install connection diff. These are exclusively bound to the openclaw-gateway process (pid=1089), which is the audit infrastructure telemetry agent, not the skill under test.