Is bartschneider/supermetrics-openclawd safe?
https://github.com/openclaw/skills/tree/main/skills/bartschneider/supermetrics-openclawd
The supermetrics-openclawd skill is a clean Python API wrapper for the Supermetrics marketing data platform. The code contains no prompt injection, malicious file access, dangerous execution patterns, or exfiltration beyond its declared purpose of querying mcp.supermetrics.com. The primary concern is that a third-party author ('bartschneider') falsely claims 'author: supermetrics' and 'Official Supermetrics skill' status, which could mislead users about the provenance and trustworthiness of the endpoint; users should independently verify that mcp.supermetrics.com is the legitimate Supermetrics API before supplying production API keys.
Findings (5)
MEDIUM Third-party author claims official brand identity -15
The SKILL.md frontmatter declares 'author: supermetrics' and the description reads 'Official Supermetrics skill', but _meta.json clearly identifies the publisher as 'bartschneider', a third-party account. Users may install this skill believing it is maintained and endorsed by Supermetrics, Inc., when it is not. This erodes informed consent and could be exploited for brand-squatting or to direct API traffic through infrastructure not controlled by Supermetrics.
LOW Marketing data and API key transmitted to external Supermetrics endpoint -15
All function calls in supermetrics.py POST data to https://mcp.supermetrics.com, transmitting the user's SUPERMETRICS_API_KEY as a Bearer token and sending marketing query parameters (account IDs, date ranges, field lists, filter expressions). This is the declared purpose of the skill and consistent with expected Supermetrics API usage, but users should understand that all marketing data queries traverse an external third-party server.
INFO Python standard library HTTP client only — no dangerous execution 0
The skill implements all API calls using urllib.request.urlopen with no subprocess, eval, exec, or shell invocation. There are no install-time side effects, no bundled binaries, and no dynamic code loading.
INFO Normal sparse-checkout install via openclaw monorepo 0
The install process performed a standard depth-1 git clone of github.com/openclaw/skills.git followed by a sparse-checkout of the skill subdirectory. This is the expected openclaw installation mechanism. No unexpected processes were spawned and no filesystem changes occurred outside the designated skill directory.
INFO Canary file PATH syscalls are framework-attributed, not skill-initiated 0
PATH syscalls touching .env, id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials appear at timestamps 1771951499.491 (pre-install) and 1771951519.540 (post-install). These timestamps align with oathe's own canary integrity verification passes bracketing the skill install. The skill code contains no logic to access any of these paths. All canary files confirmed intact.