Is bhoshaga/moltauth safe?

https://github.com/openclaw/skills/tree/main/skills/bhoshaga/moltauth

98
SAFE

MoltAuth is a pure documentation skill that provides instructions for using an Ed25519 cryptographic authentication library. The skill contains only static markdown documentation with no executable code, scripts, or suspicious behavior detected during installation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW External URLs in documentation -5

The skill contains multiple external URLs (GitHub, PyPI, npm, X.com) as part of normal library documentation. These could theoretically be used for tracking if clicked but pose minimal risk.

INFO Third-party package installation instructions -2

Documentation instructs users to install packages from external sources (pip install moltauth, npm install moltauth). This is normal for library documentation.