Is christopher-schulze/claw2claw-filetransfer-v2 safe?

https://github.com/openclaw/skills/tree/main/skills/christopher-schulze/claw2claw-filetransfer-v2

93
SAFE

This skill appears to be a legitimate file transfer utility using standard rsync over SSH protocols. The documentation is comprehensive and includes appropriate security guidance. The main risk comes from the intended functionality rather than malicious behavior - it could potentially be used to transfer sensitive data inappropriately, but this is inherent to any file transfer tool.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

MEDIUM Inherent File Transfer Capabilities -25

This skill is designed to transfer files between systems using rsync over SSH. While this appears to be legitimate functionality as documented, it could potentially be used to transfer sensitive data to unauthorized locations if misused by a user.

LOW Remote System Access Requirements -15

The skill requires SSH access to remote systems and stores SSH keys, which creates potential attack surface if remote systems are compromised or SSH keys are mismanaged.