Is deeakpan/clawracle-resolver safe?

https://github.com/openclaw/skills/tree/main/skills/deeakpan/clawracle-resolver

89
SAFE

This blockchain oracle skill appears legitimate and safe for its intended purpose of enabling AI agents to participate in decentralized oracle networks. While it contains executable code and handles cryptocurrency operations (which carry inherent risks), no malicious behavior or prompt injection attempts were detected.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (2)

MEDIUM Contains Executable JavaScript Scripts -25

The skill includes multiple JavaScript files in the scripts directory that are designed to be executed for blockchain interactions, API calls, and oracle operations. While these appear legitimate for the stated purpose, executable code always carries inherent security risks.

INFO LLM-Driven API Construction Attack Surface -30

The skill uses 'fully LLM-driven API integration' where the LLM constructs API calls dynamically based on oracle queries. This presents a theoretical attack surface where malicious oracle queries could potentially manipulate API call construction, though this is part of the documented functionality.