Is brianppetty/farmos-marketing safe?

https://github.com/openclaw/skills/tree/main/skills/brianppetty/farmos-marketing

91
SAFE

This skill appears to be a legitimate farming business application for managing grain marketing data with proper authentication and role-based access controls. The skill only provides read-only access to internal farming systems and contains no executable code or obvious security risks.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 80/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

INFO References external configuration files -10

Skill references ~/.clawdbot/farmos-users.json and ~/clawd/scripts/farmos-auth.sh for authentication and role management

LOW Internal network API access -5

Skill accesses an internal API at 100.102.77.110:8013 without explicit user consent for network access

MEDIUM Credential file access during installation -20

System processes accessed various credential files, including .env, SSH keys, and AWS credentials, during the installation process