Is darkdevelopers/bring-recipes safe?
https://github.com/openclaw/skills/tree/main/skills/darkdevelopers/bring-recipes
The bring-recipes skill is a documentation-only artifact containing SKILL.md and _meta.json with zero executable code, making it incapable of directly performing any malicious actions during or after installation. The sensitive file accesses observed in audit logs are attributable to the monitoring infrastructure's canary lifecycle, not the skill, and all canary files were confirmed intact. The primary residual risks are: the actual implementation (index.js/npm package) was not shipped and therefore cannot be audited, and the skill normalizes storing plaintext Bring! credentials in the shell environment where co-resident skills could read them.
Findings (7)
HIGH Implementation files absent — actual tool behavior unauditable -12
The skill ships only SKILL.md and _meta.json. The documented entry point (index.js) and dependency manifest (package.json) are not present in the repository. The user is instructed to run 'npm install' and 'node index.js', but these artifacts were not available for security review. The true behavior of the tool cannot be verified from this audit.
MEDIUM Sensitive credential files opened during audit window -8
inotifywait and auditd recorded OPEN+ACCESS events on .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials at two separate timestamps (pre-install setup and post-install teardown). Attribution analysis places these accesses within the monitoring infrastructure's canary placement/verification cycle, not within any skill code. Canary integrity confirmed all files unmodified. No data transmission to external hosts was detected.
MEDIUM Plaintext credential environment variables documented -8
SKILL.md instructs users to export BRING_EMAIL and BRING_PASSWORD as shell environment variables. While necessary for the Bring! API, plaintext credentials in the environment are readable by any process or skill running in the same context. This is a supply-chain credential exposure risk if the skill ecosystem allows cross-skill env access.
LOW Publisher namespace 'darkdevelopers' — provenance trust reduced -5
The _meta.json owner field is 'darkdevelopers'. No corresponding public identity or reputation signal is available to verify trustworthiness. The skill content is clean, but the namespace warrants additional vetting before deployment in sensitive environments.
LOW Unverified npm dependency chain -7
SKILL.md references 'node-bring-api v2.0.2+' as a dependency. No package.json or lockfile was present to pin versions or verify integrity hashes. When a user follows install instructions, npm will resolve and execute lifecycle scripts for all transitive dependencies without audit.
INFO Install network activity limited to GitHub 0
The only external TCP connection initiated during the install phase was to 140.82.121.4:443 (github.com) for the git sparse-checkout. DNS queries resolved only through the local resolver. No unexpected outbound connections were made.
INFO All honeypot canaries intact 0
Post-install integrity verification confirmed no honeypot files were modified or transmitted. The monitoring system's filesystem diff shows only the two expected skill files added.