Is brave88heart/answeroverflow-1-0-2 safe?

https://github.com/openclaw/skills/tree/main/skills/brave88heart/answeroverflow-1-0-2

96
SAFE

The answeroverflow-1-0-2 skill is a clean, documentation-only skill comprising two static files (SKILL.md and _meta.json) with no executable code, no prompt injection, and no data exfiltration mechanisms. Installation behavior was entirely normal: a sparse git checkout from the official openclaw/skills GitHub repository connecting only to GitHub's IP, with no persistent system changes, no unexpected processes, and all canary files confirmed intact. The skill's sole purpose is enabling agents to search indexed Discord community discussions via Answer Overflow, a legitimate public service.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 96/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (3)

INFO: Canary file inotify reads predate install by ~5 seconds (-10)

Inotify events show OPEN/ACCESS on .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials at 04:53:13. The git clone does not begin until audit timestamp 1771735998.599 (~04:53:18). All events are CLOSE_NOWRITE,CLOSE (read-only). The monitoring report confirms canary integrity. These reads are attributable to the audit framework's canary file baselining, not to any code in the skill.

INFO: Skill instructs web_fetch to external domain (-4)

SKILL.md correctly instructs the agent to use web_fetch against answeroverflow.com/m/ to retrieve thread content. This is the skill's stated, legitimate purpose. No instructions to send user data outbound. Residual theoretical risk exists if answeroverflow.com is compromised and returns malicious content via fetch responses.

INFO: MCP server endpoint documented but not autonomously invoked (-5)

SKILL.md includes a reference table describing Answer Overflow's MCP server at answeroverflow.com/mcp. This is reference documentation for operators who may want to configure the MCP server separately. The skill does not instruct the agent to autonomously connect to the MCP server or execute any MCP tools without user direction.