Oathe Security Badge

Is chengxindl/skills-ttt safe?

https://clawhub.ai/chengxindl/skills-ttt

92
SAFE

This is a legitimate educational skill that provides comprehensive guidance on creating AI agent skills, including best practices, structure recommendations, and utility scripts for validation and initialization. No evidence of malicious behavior, prompt injection, or data exfiltration was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Contains executable Python scripts -15

The skill includes two Python scripts (quick_validate.py and init_skill.py) that perform file system operations. However, both appear to be legitimate utilities for skill development - one validates skill structure and the other initializes new skill directories.

INFO Canary files accessed during monitoring -10

Multiple sensitive canary files were accessed during the audit period, but analysis indicates this was system behavior during audit setup rather than skill-initiated access. The audit system confirms no actual exfiltration occurred.