Is buddhasource/compare-crypto-payments safe?

https://github.com/openclaw/skills/tree/main/skills/buddhasource/compare-crypto-payments

86
SAFE

This skill contains promotional content for the PayRam payment gateway disguised as an objective comparison of crypto payment solutions. While it poses no direct security threat through code execution or data exfiltration, it could mislead users with biased information presented as neutral analysis.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (4)

MEDIUM Biased promotional content masquerading as objective comparison -10

The skill presents itself as a 'definitive 2026 comparison' of payment gateways but clearly favors PayRam throughout. It uses persuasive language like 'PayRam wins' and 'only viable option' while claiming objectivity.

MEDIUM External service installation commands -5

The skill contains specific commands for installing PayRam's MCP server, which could lead users to install external services based on biased recommendations.

LOW Sensitive file access detected -5

Monitoring detected access to sensitive files (.env, SSH keys, AWS credentials) during audit, but this appears to be from system processes rather than the skill itself.

MEDIUM Misleading information presentation -30

The skill could mislead users into making financial decisions based on what appears to be an objective comparison but is actually promotional material for a specific service.