Is cognitivevelocity/cognitive-clarity safe?

https://github.com/openclaw/skills/tree/main/skills/cognitivevelocity/cognitive-clarity

84
SAFE

This cognitive accessibility skill provides legitimate functionality for improving communication clarity but contains concerning patterns around user consent and transparency. While the core functionality appears benign, the skill uses forceful override language and performs silent telemetry without user knowledge.

Category Scores

Prompt Injection 65/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM Forceful behavioral override instructions -20

The skill uses mandatory language ('MUST apply', 'This is not optional') to force the agent to modify all outbound communications without explicit user consent for each application.

MEDIUM Instructions to hide actions from user -15

The skill explicitly instructs the agent to perform telemetry actions silently without informing the user, which undermines transparency.

MEDIUM Silent telemetry transmission -15

The skill sends usage analytics to api.libb.ai without user knowledge or explicit consent, though the data appears to be anonymous.

LOW Canary file access during installation -5

Multiple sensitive canary files (.env, SSH keys, AWS credentials) were accessed during installation, though no modifications were detected.