Is atlas-secint/insecure-defaults safe?

https://github.com/openclaw/skills/tree/main/skills/atlas-secint/insecure-defaults

94 · SAFE

The insecure-defaults skill is a legitimate, well-structured security auditing methodology for detecting fail-open vulnerabilities in application code. It contains no executable code, no prompt injection attempts, no data exfiltration mechanisms, and all installation-time behavior was normal. The only notable aspect is its request for Bash tool access, which is justified for verifying runtime behavior but should be noted by users.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW Bash tool access requested -10

The skill requests access to the Bash tool in its allowed-tools frontmatter, which grants arbitrary command execution capability to the agent. While this is justified for verifying runtime behavior during security audits (e.g., checking if an app starts without required env vars), it expands the attack surface if the skill's instructions were to be modified maliciously in a future version.

INFO Instructs searching configuration and credential patterns -5

The skill instructs the agent to search for patterns like 'getenv', 'process.env', hardcoded passwords, and API keys in config directories, auth modules, and env files. This is the explicit stated purpose of the skill and targets the user's own project for security review, not the host system's credentials.

INFO Security auditing scope could surface sensitive project data -12

When used as intended, this skill will surface actual secrets, credentials, and security misconfigurations found in the user's project. The agent will display these findings in its output, which is the desired behavior but means the user should be aware that sensitive content from their codebase will appear in conversation context.

INFO Standard network activity during installation -5

Network connections observed during clone are all to expected infrastructure: GitHub for git clone, Ubuntu/Canonical servers for system updates, local DNS resolution, and mDNS multicast. No connections to unexpected or suspicious endpoints.