Is christianpickettcode/orthogonal safe?

https://github.com/openclaw/skills/tree/main/skills/christianpickettcode/orthogonal

Overall score: 91 · SAFE

The Orthogonal API Platform skill is a legitimate documentation skill that provides access to a paid API service. It clearly describes its functionality and poses minimal security risks, though users should be aware of external dependencies and potential costs.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM External API Integration Dependencies -15

The skill instructs agents to make HTTP requests to external API endpoints (api.orth.sh) and handle API authentication. While this is the documented purpose, it extends the agent's capabilities beyond local operations.

LOW Payment Processing Functionality -10

The skill enables monetary transactions through API credits and x402 blockchain payments. Users should be aware of potential costs when using the skill.

LOW Embedded Code Examples -10

The skill contains JavaScript and Python code examples that could be executed by users. While these appear legitimate, they should be reviewed before use.

LOW API Key Management Requirements -10

The skill requires users to obtain and manage API keys from external services, which introduces security considerations.