Is chenpinji/github-repo-stats safe?

https://github.com/openclaw/skills/tree/main/skills/chenpinji/github-repo-stats

80
SAFE

This skill claims to provide GitHub repository statistics but instructs the agent to perform risky operations including arbitrary repository cloning and system package installation with sudo privileges. While monitoring shows normal installation behavior and no data exfiltration, the functionality significantly exceeds the stated scope and introduces security risks.

Category Scores

Prompt Injection 70/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (6)

HIGH Arbitrary repository cloning with potential hook execution -25

The skill instructs the agent to execute 'git clone --depth 1 https://github.com/owner/repo.git' commands, which could trigger malicious git hooks in cloned repositories.

HIGH System package installation with sudo privileges -15

The skill instructs the agent to install packages using sudo, which involves code execution with elevated privileges that could be exploited.

MEDIUM Instructions beyond stated skill scope -20

The skill claims to query repository statistics but instructs complex operations including repository cloning and package installation.

MEDIUM Potential for resource abuse and unauthorized actions -20

The skill could be misused to clone large repositories, consume system resources, or access repositories the user has credentials for.

LOW Risk of accessing sensitive data in cloned repositories -10

Cloning arbitrary repositories could expose sensitive files if target repositories contain secrets or confidential information.

MEDIUM Chinese-language instructions potentially obscuring behavior -10

The skill uses Chinese-language instructions, which may make it harder for users to understand the full scope of operations being performed.