Is bluemeda/bmkg-monitor safe?
https://github.com/openclaw/skills/tree/main/skills/bluemeda/bmkg-monitor
The bmkg-monitor skill is a clean, well-scoped earthquake monitoring tool that fetches public seismic data from Indonesia's official BMKG government API. SKILL.md contains no prompt injection patterns, the Python script is straightforward and limited to read-only HTTP requests against hardcoded government domains, and all canary honeypot files remained unmodified throughout the audit. The only finding worth noting is an unsanitized EVENT_ID argument interpolated into a URL path, which gives a small path-injection surface confined to the legitimate static.bmkg.go.id host rather than a true SSRF (the scheme and host are fixed in the script).
Findings (3)
LOW Unsanitized EVENT_ID used in URL construction -10
In detail mode, get_gempa.py takes sys.argv[2] as EVENT_ID and interpolates it directly into URL paths on static.bmkg.go.id without validation or percent-encoding. Because the value reaches requests.get() rather than a shell, command injection is not possible; however, a crafted EVENT_ID containing path traversal sequences (../), a query separator (?) or a fragment marker (#) changes which path on static.bmkg.go.id the script requests, so the argument can be used to probe arbitrary paths on that host. The host is hardcoded, so this path cannot be used to exfiltrate data to an attacker-controlled server. Risk is low in practice because the agent, not an untrusted third party, supplies the EVENT_ID value, although an agent manipulated into passing a crafted value would still trigger the behaviour. The straightforward fix is to validate the argument against an allow-list pattern and percent-encode it before building the URL.
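The following is an added example, not code from bmkg-monitor or get_gempa.py, showing why raw interpolation matters and what the hardened construction looks like. The host is the one named in the finding; the `/detail/{event_id}.json` path layout and the alphanumeric allow-list are placeholders, since the real BMKG path layout and identifier format are not reproduced here. No request is sent; the example only builds URLs and shows what a static web server would resolve them to.

```python
import posixpath
import re
from urllib.parse import quote, urlsplit

# Host named in the finding. The path layout is a placeholder for this
# example, not the real BMKG URL structure used by get_gempa.py.
BASE_URL = "https://static.bmkg.go.id"
DETAIL_PATH = "/detail/{event_id}.json"  # hypothetical

# Assumed allow-list for an event identifier: letters and digits only.
# Tighten or adjust to the real identifier format before use.
EVENT_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")


def naive_detail_url(event_id: str) -> str:
    """URL built the way the finding describes: raw interpolation, no checks."""
    return BASE_URL + DETAIL_PATH.format(event_id=event_id)


def effective_request(url: str) -> dict:
    """What a static web server actually sees for a URL.

    Dot segments are collapsed the way the server resolves them, and any
    '?' or '#' smuggled in through the path shows up as a separate
    query string or fragment instead of part of the event ID.
    """
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "path": posixpath.normpath(parts.path),
        "query": parts.query,
        "fragment": parts.fragment,
    }


def safe_detail_url(event_id: str) -> str:
    """Hardened construction: reject anything outside the allow-list, then
    percent-encode the value so it can only ever be a single path segment."""
    if not EVENT_ID_RE.fullmatch(event_id):
        raise ValueError(f"invalid EVENT_ID: {event_id!r}")
    return BASE_URL + DETAIL_PATH.format(event_id=quote(event_id, safe=""))


if __name__ == "__main__":
    for arg in ("20240101abc", "../../robots.txt", "x?debug=1#frag"):
        print(arg, "->", effective_request(naive_detail_url(arg)))
        try:
            print("  safe:", safe_detail_url(arg))
        except ValueError as exc:
            print("  safe:", exc)
```

The traversal input ends up requesting `/robots.txt.json` at the site root, and the `?`/`#` input turns the rest of the argument into a query string and fragment; the host never changes, which is why the finding is path injection on a fixed host rather than SSRF. The allow-list check rejects both before any URL is built, and `quote(..., safe="")` is a second layer in case the allow-list is later widened.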
INFO Pre-clone sensitive file accesses attributable to audit harness, not skill 0
Inotify and auditd records show .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials being opened at audit(1771734534.382), approximately 5.5 seconds before the git clone started at audit(1771734539.884), so the skill's code was not yet present on the system. A second, identical access pattern at audit(1771734551.259) is the harness's post-install canary integrity check. No access to these files falls inside the window between the clone and the post-install check, so neither pattern is attributable to the skill or its Python script.
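The attribution above comes down to placing each credential-file access relative to two timestamps: the clone start and the post-install canary check. The following is an added example, not part of the audit tooling, that applies that rule to auditd PATH records. The two boundary timestamps are the ones quoted in the finding; the sample records are constructed (the GCP credential filename and the one in-window `.npmrc` access are invented to show what a flagged record would look like, and do not reflect what the audit observed).

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Boundaries from the finding: git clone start and the harness's
# post-install canary check, as auditd seconds.millis timestamps.
CLONE_START = 1771734539.884
POST_INSTALL_CHECK = 1771734551.259

# Canary credential files, matched as path suffixes. The GCP entry is an
# assumed filename; the finding only says "GCP credentials".
SENSITIVE_SUFFIXES = (
    "/.env",
    "/.ssh/id_rsa",
    "/.aws/credentials",
    "/.npmrc",
    "/.docker/config.json",
    "/.config/gcloud/application_default_credentials.json",
)

AUDIT_TS_RE = re.compile(r"msg=audit\((\d+\.\d+):\d+\)")
AUDIT_NAME_RE = re.compile(r'\bname="([^"]*)"')

# Constructed sample lines modelled on auditd PATH records; not from the audit.
SAMPLE_RECORDS = [
    'type=PATH msg=audit(1771734534.382:101): item=0 name="/root/.ssh/id_rsa" inode=11 nametype=NORMAL',
    'type=PATH msg=audit(1771734534.382:102): item=0 name="/root/.aws/credentials" inode=12 nametype=NORMAL',
    'type=PATH msg=audit(1771734545.120:140): item=0 name="/tmp/skill/scripts/get_gempa.py" inode=13 nametype=NORMAL',
    'type=PATH msg=audit(1771734547.000:150): item=0 name="/root/.npmrc" inode=14 nametype=NORMAL',
    'type=PATH msg=audit(1771734551.259:180): item=0 name="/root/.env" inode=15 nametype=NORMAL',
    "type=SYSCALL msg=audit(1771734547.000:150): arch=c000003e syscall=257 success=yes",
]


def parse_record(line: str) -> Optional[Tuple[float, str]]:
    """Return (timestamp, path) for a PATH record, or None for records
    without a name= field (SYSCALL, CWD, malformed lines)."""
    ts = AUDIT_TS_RE.search(line)
    name = AUDIT_NAME_RE.search(line)
    if not ts or not name:
        return None
    return float(ts.group(1)), name.group(1)


def is_sensitive(path: str) -> bool:
    return path.endswith(SENSITIVE_SUFFIXES)


def classify(ts: float) -> str:
    """Attribute an access by where it falls relative to the skill window."""
    if ts < CLONE_START:
        return "pre-clone (harness)"
    if ts >= POST_INSTALL_CHECK:
        return "post-install canary check (harness)"
    return "skill window (investigate)"


def attribute(records: List[str]) -> Dict[str, List[str]]:
    """Group sensitive-file accesses by attribution bucket."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for line in records:
        parsed = parse_record(line)
        if parsed is None:
            continue
        ts, path = parsed
        if is_sensitive(path):
            buckets[classify(ts)].append(path)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in attribute(SAMPLE_RECORDS).items():
        print(f"{bucket}: {paths}")
```

Anything that lands in the "skill window" bucket is the only class of access that can be charged to the skill; in the real audit that bucket was empty, which is what makes the two observed bursts harness activity rather than a finding.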
INFO Skill requires Python script execution 0
SKILL.md instructs the agent to invoke python3 scripts/get_gempa.py with subcommands. This is expected, declared, and the script is fully auditable. Mentioned for transparency since code execution is a core operational requirement of this skill.