Is chenyuan99/swelist safe?
https://github.com/openclaw/skills/tree/main/skills/chenyuan99/swelist
The chenyuan99/swelist skill is a clean, documentation-only wrapper for the swelist PyPI CLI tool that fetches public job listings from GitHub repositories. The SKILLS.md contains no prompt injection, no hidden instructions, and no malicious code; all canary honeypot files were confirmed intact by the integrity monitor. The only residual risks are standard supply chain trust in the upstream swelist PyPI package and the expected live network fetches the binary makes when invoked by an agent.
Findings (4)
LOW Canary files accessed during audit session -10
Six canary files (honeypot credentials) were accessed twice during the audit session. Timing analysis places both access events firmly within the Oathe audit infrastructure's own pre-install baselining and post-install integrity verification phases, not within the skill install process. All files confirmed intact by the canary integrity monitor.
LOW External binary dependency via PyPI -8
The skill requires installation of the swelist PyPI package via uv. This introduces a supply chain dependency: if the swelist package on PyPI were backdoored, any agent invocation would execute potentially malicious code with network access. The package is referenced legitimately and the PyPI page exists, but the Oathe sandbox did not install or execute the binary during this audit.
INFO New TCP listener appeared post-install -12
A TCP listener on [::1]:18790 was present in the post-install connection snapshot but absent from the pre-install snapshot. This is attributable to the openclaw-gateway audit infrastructure process (listed in the connection diff, with its process name truncated, as users: openclaw-gatewa) and not to the skill itself.
INFO No prompt injection detected -3
SKILLS.md content reviewed in full. The document is a straightforward operational specification for a CLI tool with no adversarial instructions, no persona overrides, no fetch-this-URL directives, and no hidden content.