Is caopulan/openclaw-config safe?

https://github.com/openclaw/skills/tree/main/skills/caopulan/openclaw-config

93
SAFE

This is a legitimate OpenClaw configuration management skill that helps users safely edit and validate config files. It includes appropriate safety mechanisms, warns about security best practices, and shows no signs of malicious behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Access to potentially sensitive config files -15

Skill has access to OpenClaw config files which might contain API keys or tokens, though it explicitly warns against storing secrets in config files

LOW Executable shell script included -10

Includes one shell script for config checking, though it appears benign and only performs safe operations