Is box safe?

https://clawhub.ai/byungkyu/box

Overall score: 85/100 · Verdict: SAFE

This is a benign React development reference skill containing only documentation and code examples. It has no executable code, no external network references, no install hooks, and no data exfiltration vectors. The skill assigns a React expert persona and provides coding constraints, all scoped appropriately to React development. The filesystem events during installation are attributable to the evaluation harness, not the skill itself.

Category Scores (score/100 · weight in overall score)

Prompt Injection 82/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 75/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4) (severity · title · score penalty)

LOW · Persona assignment in SKILL.md · -8

The skill assigns a persona ('You are a senior React engineer with 10+ years of frontend experience') which overrides the agent's default identity. This is a standard pattern for specialist skills and is scoped to React development only.

LOW · Behavioral directives scoped to React practices · -5

MUST DO / MUST NOT DO sections issue coding constraints. All are legitimate React best practices (error boundaries, key props, effect cleanup). No system override or permission escalation.

MEDIUM · Environment file reads during install phase · -25

Filesystem monitoring detected reads of .env, .aws/credentials, and other config files during installation. These appear attributable to the evaluation harness (openclaw agent tooling) rather than the skill itself, as no network activity occurred and no skill code could trigger these reads. Flagged for awareness.

LOW · Broad trigger words may cause frequent activation · -15

Triggers like 'component' and 'frontend' are generic enough to activate the skill in many non-React contexts. This is a usability concern rather than a security risk.