Is davidsmorais/locu safe?
https://github.com/openclaw/skills/tree/main/skills/davidsmorais/locu
The davidsmorais/locu skill is a minimal, read-only Locu API integration consisting of a clean SKILL.md and metadata files. No executable code, git hooks, submodules, or prompt injection patterns were found. Installation behavior was standard, all canary files remained intact, and no unexpected network connections were observed. The only notable risk is inherent to API-integration skills generally: user workspace data (task/project names) is transmitted to the declared third-party endpoint, and API response content enters the agent's context.
Findings (3)
LOW: User Workspace Data Sent to Third-Party API (-7)
When invoked, this skill causes the agent to transmit API requests containing the user's LOCU_API_TOKEN to api.locu.app. Responses include task and project metadata. This is the declared and expected behavior of the skill, but users should be aware their Locu workspace data is accessible to the agent during these calls.
INFO: API Response Content Injected Into Agent Context (-3)
The skill instructs the agent to parse JSON output from the Locu API. A compromised or malicious Locu API response could theoretically contain prompt injection payloads that get interpreted by the agent. This is a standard risk for all API-integration skills and requires no special mitigation beyond user awareness.
INFO: Canary File PATH Audit Events, Attributed to Audit Framework (-4)
Auditd PATH events show read access to .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials at timestamps 1771912318 (pre-clone) and 1771912335 (post-install). These timestamps and patterns are consistent with the oathe audit framework performing canary baseline scans. Canary integrity check confirms no data was modified or exfiltrated.