Is bluemax30001/guardian safe?
https://github.com/openclaw/skills/tree/main/skills/bluemax30001/guardian
Guardian is a legitimate security scanning tool that detects prompt injection, credential exfiltration, and social engineering attacks using regex-based signatures. While it accessed sensitive files during installation and includes optional webhook functionality, no actual data exfiltration occurred and the tool's behavior aligns with its stated security scanning purpose.
Findings (4)
HIGH Sensitive File Access During Installation -25
The skill accessed multiple sensitive credential files including .env, SSH keys, AWS credentials, .npmrc, Docker config, and GCloud credentials during the installation process. While these files were not modified or exfiltrated, accessing credential files raises security concerns.
MEDIUM Optional Webhook Data Transmission -10
The skill includes webhook functionality that can POST scan results to external URLs. While this is documented and optional, it could be misused for data exfiltration if configured to send sensitive scan results to malicious endpoints.
MEDIUM Extensive Python Code Execution -15
The skill contains substantial Python code for security scanning functionality. While this appears legitimate for a security tool, it provides broad code execution capabilities within the OpenClaw environment.
LOW File Access Without Modification -15
While sensitive canary files were accessed during installation, they were not modified, nor were their contents extracted, indicating the skill did not attempt to exfiltrate credential data.