Is blockchainhb/launchfast-ppc-research safe?

https://github.com/openclaw/skills/tree/main/skills/blockchainhb/launchfast-ppc-research

90
SAFE

The launchfast-ppc-research skill is a clean, documentation-only skill containing only SKILL.md and _meta.json with no executable code, no prompt injection patterns, no file-reading instructions, and no suspicious install behavior. The primary trust assumption lies with the external mcp__launchfast__amazon_keyword_research service, which receives user-provided ASINs and returns keyword data that the agent processes; this is an expected and disclosed dependency, not a hidden exfiltration vector. Canary file reads observed in monitoring are attributable to the audit framework's own baseline and verification scans, and all canary files remain unmodified.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 82/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 83/100 · 5%

Findings (5)

LOW Third-party MCP data sharing -10

The skill instructs the agent to call mcp__launchfast__amazon_keyword_research with user-provided ASINs. These product identifiers are sent to the LaunchFast external service. While this is the documented and expected behavior, users should be aware their competitive research data (ASINs being researched) is transmitted to a third-party commercial service.

LOW MCP output injection surface -10

The skill processes keyword data returned by the LaunchFast MCP and incorporates it into agent context for tier classification and CSV generation. Malicious keyword strings returned by the MCP could theoretically contain prompt injection payloads that alter agent behavior. The risk depends entirely on the trustworthiness of the LaunchFast MCP server.

LOW Filesystem write to ~/Downloads/ -8

The skill instructs the agent to write a file to ~/Downloads/launchfast-ppc-bulk-[date].txt. This is appropriate for the stated use case (Amazon Bulk Operations upload), but grants the skill filesystem write permissions in the user's home directory.

INFO Canary file reads attributed to audit framework 0

Monitoring detected reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials at timestamp 1771907759 (04:35:59) — 5 seconds BEFORE the git clone at 1771907764 (04:36:04). A second set of reads occurred at 1771907777, after install. Both sets are consistent with the oathe audit framework performing pre-install baseline scans and post-install canary integrity verification, not with the skill itself.

INFO No executable code of any kind 0

The skill consists solely of SKILL.md (documentation/instructions) and _meta.json (metadata). No scripts, binaries, package managers, git hooks, submodules, or filter drivers are present.