Is chris7iu/qverisai safe?

https://github.com/openclaw/skills/tree/main/skills/chris7iu/qverisai

Overall score: 75 (CAUTION)

This skill acts as a proxy for discovering and executing arbitrary third-party tools through an external API, creating an extreme security risk from unknown code execution. While the skill itself appears cleanly implemented, its fundamental design pattern of executing unvetted tools makes it inherently dangerous.

Category Scores

Category                Score     Weight
Prompt Injection        95/100    30%
Data Exfiltration       85/100    25%
Code Execution          20/100    20%
Clone Behavior         100/100    10%
Canary Integrity       100/100    10%
Behavioral Reasoning    30/100     5%

Findings (4)

CRITICAL: Arbitrary Third-Party Tool Execution (-80)

The skill's core functionality is to search for and execute arbitrary tools discovered through the QVeris API. This presents an extreme security risk: the tools are unvetted, potentially malicious, and executed with the agent's privileges.

HIGH: Insecure Design Pattern (-70)

The skill acts as a proxy for executing unknown, third-party tools without any security vetting. This creates a massive attack surface: malicious actors could get tools listed in the external API, or the API itself could be compromised.

MEDIUM: Third-Party Tool Data Access Risk (-15)

While the skill itself claims to access only QVERIS_API_KEY, the executed third-party tools could access any data available to the agent, creating an indirect exfiltration risk.

LOW: Broad Permission Scope (-5)

The skill requests broad permissions to 'execute dynamic tools', which the agent could interpret liberally.