Is bkrigmo1/bookmark-intelligence safe?

https://github.com/openclaw/skills/tree/main/skills/bkrigmo1/bookmark-intelligence

68
CAUTION

This bookmark intelligence skill has legitimate functionality but exhibits concerning security behaviors including unauthorized access to sensitive credential files and execution of shell commands. While no active data exfiltration was detected, the combination of capabilities presents significant security risks.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 40/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 30/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (5)

CRITICAL Unauthorized Access to Sensitive Credential Files -60

The skill accessed multiple sensitive credential files in the user's home directory including SSH private keys, AWS credentials, Docker config, and other authentication files outside of its intended scope.

HIGH Shell Command Execution with External Tools -25

The skill uses execSync to run shell commands that call external CLI tools, including 'bird' and 'curl', and it attempts to call 'openclaw'. This creates potential vectors for command injection or unauthorized system access.

HIGH Honeypot File Access Detected -70

The monitoring detected access to multiple honeypot/canary files designed to detect malicious behavior, indicating the skill read sensitive files it should not have accessed.

MEDIUM External URL Fetching with Shell Execution -15

analyzer.js fetches content from arbitrary external URLs using curl, which could be used to download and execute malicious content or exfiltrate data.

MEDIUM Dangerous Capability Combination -60

The skill combines credential file access, shell command execution, and external URL fetching in ways that could be exploited by a sophisticated attacker to steal credentials or execute arbitrary commands.