Is bezko/workspace-scruffy safe?
https://github.com/openclaw/skills/tree/main/skills/bezko/workspace-scruffy
The skill bezko/workspace-scruffy is currently an empty stub with no SKILL.md, no source code, and no package.json, presenting negligible direct security risk in its current form. Six credential canary files were read during the audit window, but all accesses are read-only, the canary integrity check passes, and the timing is consistent with the oathe framework's own monitoring lifecycle rather than skill-triggered exfiltration. The principal residual concern is a supply-chain exposure: the install pins to a floating main branch, meaning future commits could silently introduce malicious content to any environment with this skill installed.
Category Scores
Findings (3)
MEDIUM (-12): Credential canary files opened post-install (origin ambiguous)
All six credential canary files were read after the install script completed. While timing and the read-only access mode strongly suggest the oathe framework's own post-install verification pass, there is no definitive SYSCALL/comm attribution in the provided evidence to exclude the possibility of skill-triggered access. No data was modified or transmitted.
LOW (-8): Supply-chain risk: empty skill pinned to floating main branch
The install script fetches --branch main with no commit pinning. The skill is currently empty, but any future push to that branch could silently introduce malicious SKILL.md content or executable code without the user's knowledge.
INFO (0): No SKILL.md content — skill provides no agent instructions
The skill injects nothing into an agent's system prompt. If installed, the agent's behavior is unaffected by this skill in its current state.