Is cole-z/tarkov-api safe?

https://github.com/openclaw/skills/tree/main/skills/cole-z/tarkov-api

95
SAFE

This is a legitimate Tarkov gaming API wrapper skill that implements proper security controls including endpoint allowlisting, input validation, and timeout limits. The skill only accesses documented gaming APIs and contains no malicious functionality or prompt injection attempts.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW External API Endpoints -5

Skill makes HTTP requests to external gaming APIs (tarkov.dev and escapefromtarkov.fandom.com). While legitimate and documented, this represents data flow to external services.

LOW Executable Python Script -10

Skill contains executable Python code. While well-designed with safety measures, executable code inherently carries some risk.

INFO Raw Query Mode -10

Script includes a raw GraphQL query mode that could be misused if not properly validated, though it includes safety warnings.