Is burnshall-ui/eve-esi safe?
https://github.com/openclaw/skills/tree/main/skills/burnshall-ui/eve-esi
The burnshall-ui/eve-esi skill is a legitimate EVE Online ESI API integration with no evidence of prompt injection, malicious code, or credential theft. The primary security concerns are inherent to its design: the skill handles highly sensitive game account data (wallet, mail, location, assets) and includes optional integrations that continuously transmit this data to third-party Telegram and Discord services, contradicting its own data handling claim. Installation monitoring found no unexpected network connections, no canary compromise, and no malicious code patterns in the Python scripts.
Findings (8)
MEDIUM: Skill transmits EVE character data to Telegram and Discord by design (-25)
The dashboard config system continuously polls the ESI API and forwards character data (including wallet changes, kill mails, war declarations, mail notifications, and real-time alerts) to Telegram and Discord through user-configured bot tokens and webhook URLs. These are third-party external services with no connection to EVE Online or the skill author. The SKILL.md data handling statement ('communicates exclusively with esi.evetech.net and login.eveonline.com') is factually inaccurate for users who configure these integrations.
MEDIUM: Long-lived EVE OAuth refresh tokens stored in plaintext JSON file (-10)
The auth_flow.py script stores EVE SSO refresh tokens (which grant long-term access to character data) in ~/.openclaw/eve-tokens.json with chmod 600. If the agent is instructed to read or transmit this file, or if another skill accesses it, all authenticated EVE characters' credentials are compromised. The skill manages this file autonomously and updates it on every token refresh.
LOW: validate_config.py resolves sensitive environment variables at runtime (-5)
The config validator reads environment variables referenced via $ENV:VAR_NAME syntax, including EVE_TOKEN_MAIN, EVE_REFRESH_MAIN, TELEGRAM_BOT_TOKEN, and DISCORD_WEBHOOK_URL. While used only for validation, this means the script processes all sensitive credentials in memory and warns about unset variables to stderr — potentially leaking variable names in agent output.
LOW: auth_flow.py creates transient HTTP server on localhost:8080 (-10)
The OAuth PKCE flow requires a local HTTP server to receive the authorization code callback. The script binds to 127.0.0.1:8080 and waits for a browser redirect. If an SSH tunnel is active (as documented), this port is forwarded from the user's local machine. This is standard OAuth practice but creates a brief network listener that could conflict with other services.
LOW: Misleading data handling claim in SKILL.md (-15)
SKILL.md states 'No character data is exfiltrated to third-party servers' but the Telegram and Discord integrations are explicitly designed to send character data to third-party servers. A user relying on this claim to assess privacy risks would be misled. The remainder of the skill description accurately covers the Telegram/Discord functionality.
LOW: Autonomous alert polling can transmit ongoing character state without per-request user approval (-10)
When the dashboard config is active, the skill polls ESI endpoints on a configurable interval (default 5 minutes) and forwards matching alerts to Telegram/Discord continuously. This means the skill can silently forward sensitive game state (real-time location, wallet changes, mail receipt, kill events) over the lifetime of the session without requiring the user to explicitly request each piece of information.
INFO: Install network activity limited to GitHub clone, no unexpected connections (0)
During installation, the only external TCP connection was to GitHub.com (140.82.121.4:443) to clone the monorepo. No connections to the skill author's infrastructure, telemetry endpoints, or unexpected external services were observed. Post-install connection diff shows no persistent new outbound connections.
INFO: All honeypot credential files intact (0)
Canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP credentials) were not modified or exfiltrated during or after skill installation. File access events for these paths in auditd logs are attributed to the oathe monitoring framework based on pre-clone timestamps (1771902756) and post-audit-collection timestamps (1771902780), consistent with canary setup and teardown.