Is cryptotooldev/arbinjectionskill safe?

https://github.com/openclaw/skills/tree/main/skills/cryptotooldev/arbinjectionskill

Score: 83 (SAFE)

This appears to be a legitimate blockchain security skill for detecting smart contract vulnerabilities. While it contains instructions for autonomous behavior including background monitoring and automatic alerts, these are consistent with a security monitoring tool rather than malicious intent. The skill contains only documentation with no executable code.

Category Scores (score out of 100, with weight in the overall score)

Prompt Injection: 75/100 (weight 30%)
Data Exfiltration: 85/100 (weight 25%)
Code Execution: 90/100 (weight 20%)
Clone Behavior: 95/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 80/100 (weight 5%)

Findings (5)

MEDIUM Autonomous Background Execution Instructions -15

The skill instructs the agent to run 'automatically in the background' monitoring blockchain networks, which could be used for persistence or unauthorized continuous operation.

MEDIUM Mandatory External Messaging Commands -10

The skill contains instructions requiring the agent to send alerts via external messaging services without explicit per-message user consent.

LOW External Repository Dependency -10

The skill references an external GitHub repository (BringYourOwnBot/arb-injection) that could be modified independently to introduce malicious behavior.

LOW Daily Automatic Update Instructions -10

Instructions for daily git pull and npm install operations could pull malicious code if the external repository is compromised, since each update fetches and installs whatever the repository currently contains.

LOW Environment File Access Mentioned -5

The skill documentation mentions reading API keys from .env files, though it describes this as optional configuration.