Is chrisvel/tududi safe?

https://github.com/openclaw/skills/tree/main/skills/chrisvel/tududi

97
SAFE

This skill provides legitimate documentation for integrating with a self-hosted 'tududi' task management system. It contains only documentation files with no executable code, install hooks, or malicious content.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Sensitive file access during audit -5

Monitoring detected access to sensitive files (.env, SSH keys, AWS credentials) during the audit period, but analysis shows these were from system monitoring processes (tcpdump, auditd) rather than the skill installation itself.

INFO Standard API documentation format -5

The skill contains well-structured API documentation for a self-hosted task management system with no malicious instructions or prompt injection attempts.