Is cyberfront-ai/demo-video safe?

https://github.com/openclaw/skills/tree/main/skills/cyberfront-ai/demo-video

77
CAUTION

This skill package appears deceptive or misconfigured, containing no actual skill content and referencing a different skill name in its metadata. While no active malicious behavior was detected, the installation process accessed sensitive credential files.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (4)

HIGH Empty SKILL.md file -20

The SKILL.md file contains no content whatsoever, indicating this is not a functional skill package

HIGH Skill name mismatch in lock.json -70

The lock.json file references 'academic-research-hub' instead of the expected 'cyberfront-ai/demo-video', suggesting deceptive packaging or supply chain confusion

MEDIUM Credential file access during installation -40

The installation process accessed multiple sensitive credential files including SSH keys, AWS credentials, and environment files

LOW Installation failure -15

Git clone operation failed due to existing directory, preventing complete installation