Is daya0576/beaverhabits safe?

https://github.com/openclaw/skills/tree/main/skills/daya0576/beaverhabits

Overall score: 90 (SAFE)

The beaverhabits skill is a straightforward habit-tracking integration with the Beaver Habit Tracker API. The SKILL.md content is clean with no prompt injection, hidden instructions, or attempts to access sensitive local resources. Sensitive file accesses observed during monitoring are attributable to the audit harness canary lifecycle rather than the skill, which contains no executable installation code. The only material concerns are the configurable SERVER_URL (a legitimate self-hosting feature that carries misconfiguration risk) and mild behavioral prescriptions in the usage instructions.

Category Scores

Category · Score · Weight
Prompt Injection · 92/100 · 30%
Data Exfiltration · 87/100 · 25%
Code Execution · 96/100 · 20%
Clone Behavior · 85/100 · 10%
Canary Integrity · 90/100 · 10%
Behavioral Reasoning · 86/100 · 5%

Findings (4)

MEDIUM Canary files accessed during audit window (audit harness attributed) -10

Sensitive credential files were read during the monitoring window. Timing analysis places the first batch at 04:43:08 — prior to the git clone at 04:43:13 — indicating audit harness canary initialization. The second batch at 1771908212 corresponds to post-install teardown. The skill has no executable installation code (only SKILL.md and _meta.json were installed), making attribution to the skill impossible. Canary integrity confirmed intact.

LOW Configurable server destination for API traffic -8

The SERVER_URL parameter allows all API traffic, including the auth token, to be redirected to an arbitrary server. This is a legitimate self-hosting feature, but it represents a misconfiguration risk: a mistyped or untrusted URL would deliver the token to that host.

LOW Mandatory auto-resolution and rendering behaviors -5

The skill prescribes specific agent behaviors (auto-resolve habit IDs without asking, always render ASCII table). These constrain agent behavior moderately but serve legitimate UX purposes and do not override security-relevant instructions.

INFO No executable installation artifacts 0

The skill installs only SKILL.md and _meta.json. No package.json with install scripts, git hooks, submodules, compiled binaries, or symlinks were present.