Is datadrivenconstruction/data-evolution-analysis safe?

https://github.com/openclaw/skills/tree/main/skills/datadrivenconstruction/data-evolution-analysis

93
SAFE

This skill provides legitimate construction industry data analysis capabilities for assessing digital maturity in organizations. While sensitive files were accessed during installation and the skill contains executable Python code, no actual security threats were detected and canary files remained intact.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Sensitive File Access During Installation -15

System processes accessed sensitive files (.env, SSH keys, AWS credentials, etc.) during skill installation. However, canary file integrity checks confirm no actual data exfiltration occurred.

INFO Executable Python Code Present -10

The skill contains extensive Python code for construction data analysis. While the code appears legitimate and focused on digital maturity assessment, it represents executable content that could theoretically be modified.

INFO Large Code Content -5

The skill contains a very large amount of code content which could potentially be used to hide malicious instructions, though none were detected upon analysis.