Is chrisagiddings/openclaw-yatta-skill safe?
https://github.com/openclaw/skills/tree/main/skills/chrisagiddings/openclaw-yatta-skill
95
SAFE
This is a legitimate task management integration skill with comprehensive documentation and appropriate security warnings. No malicious behavior, prompt injection attempts, or unauthorized access detected during installation and analysis.
Category Scores
Findings (3)
INFO External API Integration -3 ▶
Skill connects to external Yatta API endpoints as documented functionality. This is expected behavior for a task management integration.
LOW Direct Supabase URL Usage -5 ▶
Uses direct Supabase Edge Functions URL instead of branded domain. Documented as temporary until proxy configuration is resolved.
LOW Full API Access Required -10 ▶
Skill requires full API access to Yatta account with no read-only scopes. However, this is clearly documented with comprehensive security warnings.