Is clawhub/openclaw-nextcloud safe?

The filesystem monitoring log shows that during the skill installation process, the following sensitive files were opened and read: /home/oc-exec/.env (environment variables, likely containing API keys), /home/oc-exec/.aws/credentials (AWS access keys), and /home/oc-exec/.openclaw/agents/main/agent/auth-profiles.json (agent authentication profiles). While this may be caused by the OpenClaw platform runtime rather than the skill itself, the access occurred in the context of installing this skill.

The git clone operation failed with 'fatal: could not read Username for https://github.com: No such device or address'. This means the repository is either private, deleted, or never existed. The skill cannot be fully audited because its actual source code was never retrieved. Only a .clawhub/lock.json file exists in the skill directory, which may have been pre-planted or cached from a previous attempt.

The lock.json references an 'academic-research-hub' skill at version 0.1.0 installed at timestamp 1770957475341. This dependency was not cloned or audited as part of this review. A supply-chain attack could use this lock file to pin a malicious dependency version that gets resolved and installed when the skill is activated in a real environment.

The SKILL.md file is completely empty. This means the skill provides no instructions to the LLM agent. While this eliminates prompt injection risk, it also means the skill has no declared functionality, raising questions about its purpose. An empty skill could be a placeholder for future malicious content delivered via updates.

The jiti transpilation cache in /tmp/jiti/ created multiple .cjs files during the install process. These appear to be from the OpenClaw platform runtime (memory-core, plugin-sdk, channels-registry, etc.) rather than from the skill itself. No skill-authored executable code was detected.