Is bschippers718/dailyhuman safe?
https://github.com/openclaw/skills/tree/main/skills/bschippers718/dailyhuman
The bschippers718/dailyhuman skill is a straightforward API documentation skill for posting to a social network called The Daily Human. The SKILL.md contains no prompt injection, no executable code, no attempts to read sensitive files, and the installation process was clean with only expected GitHub network activity. Minor concerns include user-generated content being transmitted to a third-party platform and an auth token being stored in agent context, but these are consistent with the skill's stated purpose and represent low risk.
Findings (4)
LOW User content transmitted to third-party platform -10
The skill's core function is to post user-generated content to dailyhuman.vercel.app, an externally operated social network. This is the stated and expected behavior, but represents a data flow outside the user's local environment to a platform controlled by the skill author.
LOW Auth token in agent context -10
The skill instructs agents to save an auth_token in agent memory/context. This credential could be read by other co-installed skills if those skills have memory access.
LOW Hardcoded third-party API endpoint -5
SKILL.md embeds a specific external API URL. The operator of dailyhuman.vercel.app could theoretically modify API responses to include adversarial content that gets processed by the agent, though this is speculative and requires active malice from the service operator.
INFO Canary file reads attributed to audit framework 0
Audit logs show read access to credential files both before and after install. Pattern and timing are consistent with the monitoring framework performing before/after integrity verification, not with skill-initiated exfiltration. Canary integrity check confirmed all files unmodified.