Is bluesyparty-src/csfloat safe?
https://github.com/openclaw/skills/tree/main/skills/bluesyparty-src/csfloat
The CSFloat skill is a documentation-only markdown file providing curl command examples for the CSFloat skin marketplace API; it contains no executable code, git hooks, npm scripts, submodules, or symlinks. Runtime monitoring detected only expected network activity (GitHub sparse checkout) and read-only canary file accesses attributable to the oathe audit framework's own verification routines, confirmed intact by the post-install integrity check. Two quality bugs were identified — a copy-paste reference to 'Trello REST API' and a mismatched variable name in the listing creation example — neither of which is malicious, but together with the skill's ability to create financial marketplace listings they warrant user awareness before deployment.
Findings (5)
MEDIUM 'Trello REST API' misdirection in CSFloat skill -13
The Usage section incorrectly identifies the target as the Trello REST API. The actual curl commands correctly target csfloat.com, but the descriptive text could cause an LLM agent to misidentify the service, apply a Trello API key, or behave inconsistently when reasoning about what the skill does.
LOW Wrong variable in create-listing Authorization header -5
The 'Create a listing' example uses $LISTING_ID (an item identifier) in the Authorization header instead of $CSFLOAT_API_KEY. Content-Type is also incorrectly concatenated in the same -H value with a semicolon rather than passed as a separate flag. An agent following this example literally would produce authentication failures and malformed requests.
LOW API key interpolated directly into curl command strings -10
The skill instructs the agent to place $CSFLOAT_API_KEY inline in curl headers. If the agent echoes, logs, or stores the assembled command string, the key appears in plaintext. This is the intended interaction pattern for this class of skill but represents an inherent key-exposure surface.
LOW Skill enables financial marketplace transactions without per-action gating -25
The 'Create a listing' command allows an agent to post Steam items for sale at a specified price. An agent with this skill loaded could execute marketplace transactions in response to vague instructions (e.g. 'sell my knives') without requiring explicit per-listing user confirmation. Combined with skills that enumerate inventory, this creates a chained financial-action risk.
INFO Canary credential files accessed read-only during audit — attributed to monitoring framework -12
Six honeypot credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP application_default_credentials.json) were opened and read at two points: before the git clone (during sudo/auditctl setup) and after install (post-install canary verification). The oathe framework's own canary integrity check confirms all files are intact and unmodified. The skill itself is pure markdown and cannot independently access files.