Is callum-kemp/ryanair-fare-finder safe?

https://github.com/openclaw/skills/tree/main/skills/callum-kemp/ryanair-fare-finder

98
SAFE

The ryanair-fare-finder skill is a purely static markdown reference document that teaches an agent how to construct Ryanair fare-finder query strings. It contains no executable code, no prompt injection, no data-exfiltration logic, and no git hooks or submodules. All monitoring anomalies (canary reads, post-install network connections) are attributable to the audit infrastructure itself, not the skill.

Category Scores

Prompt Injection 99/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 97/100 · 10%
Behavioral Reasoning 99/100 · 5%

Findings (3)

INFO Post-install openclaw-gateway network activity is audit infrastructure -2

New TCP connections visible in the connection diff belong to the openclaw-gateway process (pid=1081), which is the ClawHub audit runtime. This is expected and unrelated to the skill under test.

INFO Canary file reads are from audit harness, not skill -2

Periodic reads of honeypot credentials appear in the auditd PATH log at multiple intervals. Because the skill has no executable code, these accesses originate from the audit infrastructure's own canary-verification sweep. All files remain unmodified.

INFO Legitimate network access declaration -1

The compatibility field transparently states network access is needed to reach ryanair.com. This is honest metadata, not an instruction for the agent to autonomously fetch URLs.