Is astonysh/docuclaw safe?
https://github.com/openclaw/skills/tree/main/skills/astonysh/docuclaw
DocuClaw is a documentation-only skill stub consisting of a SKILL.md description and a _meta.json registry file; it contains zero executable code, no prompt injection, and no data exfiltration capability. The credential-file accesses visible in monitoring occurred 5.5 seconds before installation started and are unambiguously attributable to the oathe audit framework's own initialization process, not to the skill. All canary honeypot files remain unmodified and all integrity checks passed.
Findings (3)
LOW: Credential file reads attributed to audit framework initialization, not skill (-4)
Six high-value credential files were read at audit epoch 1771649701.797 (wall clock 04:55:01), 5.5 seconds before the git clone process that installs the skill started at epoch 1771649707.297. Cross-referencing process audit records identifies the reader as pid=1001 (sudo, ppid=983), which is the oathe monitoring framework establishing its own audit rules — not any code from DocuClaw. All canary file hashes confirmed intact post-install.
INFO: Documented external sync intent with no current implementation (-10)
The skill's workflow description includes a data-sync step to calendar and accounting tools. No code exists to implement this today, so there is no present risk. Reviewers should re-audit if the skill is updated to include implementation files that act on this step.
INFO: Skill is a documentation stub — no executable surface (0)
Two files total. Zero runnable code. Zero install-time side effects from the skill itself. The installation is fully controlled by the oathe sparse-checkout mechanism.