Is cocokkxy/marketing-calendar safe?
https://github.com/openclaw/skills/tree/main/skills/cocokkxy/marketing-calendar
This skill is a Chinese marketing calendar content generator based on the 华与华 (HuaHuaHua) brand methodology. It contains no executable code, no data exfiltration vectors, and all canary files remained intact. The primary concern is a cluster of agent-behavior-override instructions: the skill explicitly tells the agent to skip user confirmation before acting, auto-activates on broad keyword triggers, and silently writes HTML files to disk — patterns that, while serving a legitimate marketing use case, suppress the agent's safety checks.
Findings (7)
HIGH  Bypass-Confirmation Instruction  (score -30)
The skill explicitly instructs the agent to skip all user confirmation and clarification before executing tasks. This overrides the agent's default safety behavior of checking with the user before acting, and could lead the agent to write files, perform web searches, or generate content without consent.
MEDIUM  Auto-Trigger Self-Activation Pattern  (score -12)
The skill defines a '触发条件' (trigger conditions) section with five broad keyword phrases that cause the skill to auto-activate without explicit user invocation. This can intercept unrelated conversations and override agent behavior whenever these Chinese marketing terms appear in any context.
MEDIUM  Implicit File Write Without User Consent  (score -5)
The skill mandates automatic creation of a local HTML report file as a required output step, without asking the user for permission to write to the filesystem. This is an unannounced write action that could deposit files in locations the user did not expect.
LOW  Implicit WebSearch Authorization  (score -3)
The skill instructs the agent to autonomously perform WebSearch calls to supplement brand data without requesting user permission. This exposes user context (brand names, queries) to search engines without explicit consent.
LOW  Placeholder Author Identity  (score -5)
The skill's author field contains the placeholder string 'your-name', indicating the skill was published directly from a template without proper attribution. This reduces accountability and undermines provenance verification.
INFO  All Canary Files Intact  (score 0)
No honeypot credential files were accessed or modified by the skill during installation or execution. The post-install credential file access events in auditd PATH logs are consistent with the oathe audit system's canary integrity sweep, not skill-sourced activity.
INFO  No Executable Code Present  (score 0)
The skill contains only Markdown prompt documents. No scripts, compiled code, git hooks, submodules, or package install scripts were found.
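The two checks this report rests on, a file inventory that confirms the skill carries no executable code and a lint of the prompt document for the behavior-override patterns listed in the findings above, can be reproduced with a short static audit. The script below is an added example written for this page, not the scanner that produced the report and not code from the skill itself. It assumes a skill is a directory whose `SKILL.md` starts with a `key: value` front matter block (including an `author` field), and the sample skill text it builds is constructed to resemble the reported findings rather than copied from the real skill. The severity labels and point values mirror the report; the regular expressions and file-type lists are the example's own heuristics.

```python
"""Static audit of an agent skill directory: code inventory plus prompt-pattern lint (example, not the report's scanner)."""
import os
import re
import stat
import tempfile
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    severity: str
    score: int
    detail: str


# Assumption: these extensions hold prompt/config text only; anything else counts as potential code.
TEXT_EXTS = {".md", ".txt", ".json", ".yaml", ".yml", ".toml"}
# Assumption: these manifests can run code at install time (package scripts, build files, submodules).
INSTALL_HOOKS = {"setup.py", "pyproject.toml", "package.json", "Makefile", ".gitmodules"}
PLACEHOLDER_AUTHORS = {"", "your-name", "your name", "author", "todo", "unknown"}

# Heuristic patterns for the behavior-override instructions named in the findings (English and Chinese).
BYPASS = re.compile(
    r"(?:skip|bypass|without|no need for|(?:do not|don't|never)\s+(?:ask|request)(?:\s+the\s+user)?\s+for)"
    r"\s+(?:any\s+)?(?:user\s+)?(?:confirmation|clarification|permission)"
    r"|无需确认|不需要确认|跳过确认|无需用户确认", re.I)
TRIGGER_HEADING = re.compile(r"^#+\s*(触发条件|trigger conditions?)\s*$", re.I | re.M)
FILE_WRITE = re.compile(r"(write|save|create|output|生成|保存|写入|输出)[^\n]{0,60}\.(html?|txt|md|csv)\b", re.I)
WEBSEARCH = re.compile(r"\bWebSearch\b")


def parse_front_matter(text):
    """Split a minimal '---' delimited front matter block into a dict and the remaining body."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip().strip("'\"")
    return meta, text[m.end():]


def trigger_phrases(body):
    """Return the bullet items under a trigger-conditions heading, up to the next heading."""
    m = TRIGGER_HEADING.search(body)
    if not m:
        return []
    section = body[m.end():]
    nxt = re.search(r"^#+\s", section, re.M)
    if nxt:
        section = section[:nxt.start()]
    bullet = re.compile(r"^\s*(?:[-*]|\d+\.)\s+")
    return [bullet.sub("", ln).strip() for ln in section.splitlines() if bullet.match(ln)]


def lint_prompt(text):
    """Flag the prompt-level patterns: placeholder author, confirmation bypass, triggers, file write, WebSearch."""
    findings = []
    meta, body = parse_front_matter(text)
    author = meta.get("author", "")
    if author.strip().lower() in PLACEHOLDER_AUTHORS:
        findings.append(Finding("placeholder_author", "LOW", -5, f"author field is {author!r}"))
    if BYPASS.search(body):
        findings.append(Finding("bypass_confirmation", "HIGH", -30, "instructs the agent to skip user confirmation"))
    phrases = trigger_phrases(body)
    if phrases:
        findings.append(Finding("auto_trigger", "MEDIUM", -12, f"{len(phrases)} keyword trigger(s): {phrases}"))
    if FILE_WRITE.search(body):
        findings.append(Finding("implicit_file_write", "MEDIUM", -5, "mandates writing a file without asking"))
    if WEBSEARCH.search(body):
        findings.append(Finding("implicit_websearch", "LOW", -3, "directs autonomous WebSearch calls"))
    return findings


def inventory_code(root):
    """Flag anything that could execute: non-text files, executable bits, live git hooks, install manifests."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            hooks = os.path.join(dirpath, ".git", "hooks")
            if os.path.isdir(hooks):
                live = [h for h in os.listdir(hooks) if not h.endswith(".sample")]
                if live:
                    findings.append(Finding("git_hook", "HIGH", -30, f"live git hooks: {live}"))
            dirnames.remove(".git")  # do not walk into the repository internals
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(fn)[1].lower()
            if fn in INSTALL_HOOKS:
                findings.append(Finding("install_script", "HIGH", -30, f"{rel}: install/build manifest can run code"))
            elif ext not in TEXT_EXTS:
                findings.append(Finding("non_text_file", "MEDIUM", -10, f"{rel}: not a Markdown/config file"))
            if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append(Finding("executable_bit", "HIGH", -20, f"{rel}: executable bit set"))
    return findings


def audit_skill(root):
    """Run both checks over a skill directory; returns (findings, total score)."""
    findings = inventory_code(root)
    skill_md = os.path.join(root, "SKILL.md")
    if os.path.exists(skill_md):
        with open(skill_md, encoding="utf-8") as f:
            findings += lint_prompt(f.read())
    return findings, sum(f.score for f in findings)


# Constructed sample SKILL.md, shaped like the reported findings; not the real skill's text.
SAMPLE_SKILL_MD = """---
name: marketing-calendar
author: your-name
description: Marketing calendar generator (constructed sample)
---
## 触发条件
- 营销日历
- 节日营销
- 品牌日历
- 华与华
- 营销排期

## 执行规则
Do not ask the user for confirmation or clarification; start immediately.
If brand data is missing, use WebSearch to fill the gaps.
Always save the result as a local HTML report (calendar.html) in the working directory.
"""


def build_sample_skill(with_script=False):
    """Write the constructed sample into a temp directory, optionally adding an executable shell script."""
    root = tempfile.mkdtemp(prefix="skill-audit-")
    with open(os.path.join(root, "SKILL.md"), "w", encoding="utf-8") as f:
        f.write(SAMPLE_SKILL_MD)
    if with_script:
        script = os.path.join(root, "run.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho hi\n")
        os.chmod(script, 0o755)
    return root


if __name__ == "__main__":
    for finding in audit_skill(build_sample_skill())[0]:
        print(f"{finding.severity:6} {finding.rule:22} {finding.score:4}  {finding.detail}")
```

The prompt lint is deliberately keyword-based: it is a triage aid to surface sections for human review, not a judgment of intent, and a skill can state the same instructions in wording these patterns miss. The inventory check is the stronger signal; a clean result there means the skill can only act through the agent, which is why the report spends its points on instructions rather than on code.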