Is cmp343-art/nascar safe?

https://github.com/openclaw/skills/tree/main/skills/cmp343-art/nascar

97
SAFE

The NASCAR skill (cmp343-art/nascar) is a pure sports domain-knowledge skill containing only legitimate racing-analysis content, with no executable code, no prompt injection attempts, no file access instructions, and no external URL references. Canary file access records in the audit logs match a bookend pattern consistent with the audit framework's own integrity measurement rather than skill-initiated access, and canary integrity is confirmed intact. The skill poses no meaningful security risk.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 97/100 · 5%

Findings (3)

LOW Canary files in PATH audit records — consistent with audit framework, not skill -5

Six canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) appear in auditd PATH records at two bookend timestamps (pre-install and post-install). The paired timing, combined with confirmed canary integrity and zero filesystem changes in /home, indicates these are audit framework baseline/verification reads rather than skill-driven access. No exfiltration was detected.

INFO openclaw-gateway established external connections during audit window -3

The platform's own gateway process (openclaw-gatewa, pid=1085) opened connections to AWS and Cloudflare IPs after the install completed. This is the ClawHub executor infrastructure and is unrelated to the skill's content.

INFO Benign persona definition -2

SKILL.md establishes a sports analyst persona. This is standard and expected for a domain knowledge skill.