Is chipagosfinest/just-fucking-cancel safe?

https://github.com/openclaw/skills/tree/main/skills/chipagosfinest/just-fucking-cancel

Overall 89 · SAFE

This is a legitimate subscription audit skill that analyzes bank transactions to find recurring charges and provides cancellation URLs. It contains no executable code, no prompt injection attempts, and exhibited clean clone behavior. The primary concerns are its handling of sensitive financial data (bank transactions and optional Plaid API credentials) and an unexamined HTML template file. All cancel URLs currently point to legitimate first-party service domains.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (6)

MEDIUM Handles sensitive financial transaction data -15

The skill processes bank transaction CSVs and optionally connects to Plaid financial APIs, giving the agent access to detailed financial information including merchant names, transaction amounts, and recurring charge patterns. While processing is documented as local for CSV mode, the data is inherently sensitive.

LOW Unexamined template.html asset file -10

The file assets/template.html is listed in the skill's file inventory but its contents were not included in the source code dump. This HTML template is used to generate the interactive audit report that users open in their browser. If it contains JavaScript, it could execute arbitrary code in the user's browser context.

LOW PUBLISH.md contradicts SKILL.md on browser automation -7

The PUBLISH.md changelog states 'Browser automation for cancellations' as a feature, while SKILL.md explicitly states 'No automated browser interaction - this skill provides URLs and guidance only.' This inconsistency could cause confusion about the skill's intended scope, though the SKILL.md (which serves as the agent's prompt) is authoritative.

LOW Cancel URL supply-chain risk -15

The common-services.md file contains 50+ cancel URLs for various services. While all currently point to legitimate first-party domains, a future malicious update could replace these with phishing URLs. Users following these URLs are primed to enter credentials to cancel services, making this a high-value phishing vector.

INFO Optional financial API credential access -5

The skill declares three optional Plaid API environment variables. When provided, these credentials grant the agent access to pull bank transaction data via Plaid's API. The credentials are clearly documented as optional and scoped to Plaid integration.

INFO Clean installation with no anomalous activity 0

Clone/install monitoring detected only expected network activity (GitHub, Ubuntu infrastructure), normal filesystem operations, and no firewall blocks. The install was a clean sparse checkout from the openclaw/skills monorepo.