Oathe Security Badge

Is benderterminal/zkettle safe?

https://github.com/benderterminal/zkettle

97
SAFE

zKettle is a legitimate open-source zero-knowledge secret sharing tool written in Go. The skill provides MCP integration for secure secret management with client-side encryption. All security monitoring shows normal behavior with no signs of malicious activity.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (4)

LOW Executable Go Application -5

The skill contains a complete Go application with CLI tools and MCP server functionality. While the code appears legitimate and well-structured, any executable code carries inherent risks.

INFO Secret Handling Tool -5

This tool is designed to handle sensitive secrets, which carries inherent risks if misused or if the zero-knowledge claims are not properly implemented. However, the tool appears designed with security best practices.

INFO Canary File Access During Monitoring -2

Honeypot files were accessed during the audit, but this appears to be part of the monitoring system setup rather than malicious behavior by the skill itself.

INFO External Repository References -5

The SKILL.md contains legitimate references to the GitHub repository for installation and documentation purposes.