Oathe Security Badge

Is christinetyip/second-brain safe?

https://github.com/openclaw/skills/tree/main/skills/christinetyip/second-brain

81
SAFE

This is a legitimate personal knowledge management skill that integrates with the Ensue API service. While the skill contains appropriate security warnings and shows no malicious behavior, it does transmit user data to an external service for storage and retrieval.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM External API Data Transmission -20

The skill sends user data to the external Ensue API service at api.ensue-network.ai for knowledge storage and retrieval. While this is the skill's intended functionality, it represents data leaving the local system.

LOW Executable Shell Script -15

The skill contains an executable shell script that makes API calls. The script appears benign but represents potential code execution.

INFO API Key Requirement -10

The skill requires an ENSUE_API_KEY to function, creating a dependency on external service configuration.