Is ashirbadgudu/npkill safe?

https://github.com/openclaw/skills/tree/main/skills/ashirbadgudu/npkill

93
SAFE

This is a documentation-only skill that provides guidance on using the npkill CLI tool to clean up node_modules and .next build artifacts. It contains no executable code, no hidden instructions, no data exfiltration vectors, and produced clean monitoring results during installation. The only concerns are minor: it documents a destructive auto-delete command and instructs a global npm install, both of which are standard for this type of utility skill.

Category Scores (score · weight)

Prompt Injection 90/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

LOW · Destructive automated deletion command documented · -10

The skill documents npkill --delete-all --yes which bypasses interactive confirmation and deletes all found node_modules directories. An LLM agent could invoke this command without adequate user confirmation, potentially removing node_modules from active projects the user needs.

LOW · Global npm package installation instruction · -10

The skill instructs agents to run npm install -g npkill to install the npkill package globally. While npkill is a legitimate and well-known npm package, global npm installs carry inherent supply-chain risk (dependency confusion, compromised packages). The skill itself contains no executable code.

LOW · Broad filesystem scanning capability · -15

The --directory flag combined with a root path could scan the entire filesystem. When combined with --delete-all --yes, this could affect system-level node_modules. npkill does provide built-in warnings for protected directories, and the skill recommends dry-run first.

INFO · Clean installation with expected network activity · -5

Installation only contacted GitHub (git clone) and Ubuntu package servers. No unexpected network connections, no firewall blocks, no suspicious process execution. All auditd entries are from the monitoring infrastructure itself.

INFO · All honeypot files remain intact · 0

No canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were accessed or modified during installation or skill loading.