Is chrisciszak/token-layer safe?

https://github.com/openclaw/skills/tree/main/skills/chrisciszak/token-layer

93
SAFE

Token Layer skill provides legitimate cryptocurrency trading functionality across multiple blockchains with proper documentation and no malicious code. The skill contains only documentation files with no executable components and shows normal installation behavior.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Persistent state management instructions -15

The skill instructs the agent to save data to memory files (memory/token-layer.json or TOOLS.md) and track referral codes across sessions, which could modify agent behavior across conversations.

LOW API key handling -5

The skill requires handling of TOKENLAYER_API_KEY environment variable for authentication with external API services.

LOW Financial risk from trading operations -15

The skill enables cryptocurrency trading operations which carry inherent financial risk if used improperly or without proper understanding.