Is cgtreadw/accessibility-toolkit safe?

https://github.com/openclaw/skills/tree/main/skills/cgtreadw/accessibility-toolkit

95
SAFE

This is a documentation-only accessibility skill containing patterns and templates for AI agents helping users with physical disabilities. It contains no executable code, no install scripts, no git hooks, and no data exfiltration mechanisms. The only notable concerns are mild behavioral modifications (skip-confirmation patterns and proactive autonomy encouragement) that are contextually appropriate for accessibility but could theoretically reduce safety guardrails when combined with other skills.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (5)

LOW Skip-confirmation behavioral instruction -10

SKILL.md instructs the agent to 'Never require confirmation for reversible actions. Just do it.' This modifies the agent's default safety behavior by encouraging it to skip confirmation dialogs. While contextually appropriate for accessibility (reducing friction for users with limited mobility), this instruction could reduce safety guardrails when the skill is active alongside other skills that perform sensitive actions.

LOW Proactive autonomous behavior encouragement -5

The skill encourages the agent to act proactively without being asked ('Don't wait to be asked', 'Anticipate, Don't React'). While appropriate for accessibility contexts, this expands agent autonomy beyond typical user-initiated interaction patterns.

INFO Physical security implications in smart home templates -5

The Home Assistant automation templates include automatic door unlocking on arrival detection. This is a legitimate accessibility pattern but has physical security implications if zone detection is inaccurate or the user's device is spoofed.

INFO Referenced scripts do not exist in package -5

SKILL.md references three Python scripts (friction_audit.py, voice_commands.py, ha_templates.py) that are not present in the actual package. These are aspirational documentation only and pose no risk, but indicate the skill is incomplete relative to its claims.

INFO Conversation history analysis mentioned but not implemented 0

The friction_audit.py script description mentions analyzing conversation history, which could be a data sensitivity concern if implemented. However, the script does not exist in the package, so this is documentation-only with no actual risk.