Is cyberfront-ai/pinterest safe?

https://github.com/openclaw/skills/tree/main/skills/cyberfront-ai/pinterest

82
SAFE

The cyberfront-ai/pinterest skill appears to be completely empty with no functional content, making it essentially non-operational. While some canary files were accessed during installation, no malicious behavior or data exfiltration was detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 75/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

MEDIUM Canary file access detected -15

Multiple sensitive canary files were accessed during installation including .env, SSH keys, AWS credentials, and other configuration files. However, no modifications or exfiltration was detected.

MEDIUM Installation failure -25

The skill installation failed with 'destination path already exists' error, indicating potential issues with the installation process or repository structure.

HIGH Empty skill with no functional content -40

The skill contains no SKILL.md content, no source code, no package.json, and no functional components. This appears to be an incomplete or placeholder skill.