Is bratchenko/self-integration safe?

https://github.com/openclaw/skills/tree/main/skills/bratchenko/self-integration

82
SAFE

This skill provides legitimate functionality to connect with external services through the Membrane API, but has significant data sharing implications. While transparent about its capabilities and requirements, it concentrates high-privilege access to multiple services and sends data to a third-party provider.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (5)

HIGH Broad data sharing with third-party service -25

The skill sends user data to Membrane's API service and can connect to any external app, including Slack, GitHub, Google Sheets, etc. While the skill is transparent about this, it creates significant data exposure.

MEDIUM High-privilege credential requirement -10

Requires MEMBRANE_TOKEN, which is described as 'a high-privilege credential that can create connections and run actions across external apps'.

MEDIUM Concentration of cross-service API access -20

The skill centralizes access to multiple external services, which could be attractive to attackers and amplify the impact of credential compromise.

LOW Indirect manipulation potential through API scope -15

While no direct prompt injection is present, the broad API capabilities could be used to manipulate agent behavior indirectly.

LOW Potential for unintended cross-service actions -10

The skill's broad scope could enable actions across multiple services without explicit per-action user consent.