Is djismgaming/jwdiario safe?

https://github.com/openclaw/skills/tree/main/skills/djismgaming/jwdiario

95
SAFE

jwdiario is a minimal, single-purpose skill that fetches the daily text from the official Jehovah's Witnesses Spanish-language website and presents it verbatim. The skill contains no executable code, no data exfiltration logic, no prompt injection attempts, and no suspicious install-time behavior — only a markdown instruction file directing the agent to call web_fetch against a known legitimate domain. The sole residual risk, shared with all web-fetch skills, is that adversarially crafted content on the target domain could appear in the agent's context, though this is a negligible concern for wol.jw.org.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 91/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 96/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (5)

LOW Agent directed to fetch and relay third-party web content verbatim -5

The skill instructs the agent to retrieve HTML from wol.jw.org and present the text without modification. If the target page were ever compromised or served adversarial content, that content would appear verbatim in the agent's output context and could attempt further prompt injection. This risk is inherent to any web-fetch skill and is not specific to malicious intent by this skill's author.

INFO External network request scoped to single legitimate domain -9

The only external data destination is wol.jw.org, the official Watchtower online library. No encoding of local data into URL parameters or query strings. Date parameters (AÑO/MES/DIA) are derived from the system clock, not from user data or local file contents.

INFO Zero executable footprint — markdown and metadata only -1

The skill repository contains exactly two files. No runnable code, no package manager hooks, no git automation, no compiled artifacts. Attack surface from the install artifact itself is effectively zero.

INFO Install network activity limited to GitHub clone -4

The only external TCP connection during installation was to 140.82.121.4:443 (GitHub). DNS resolved github.com. No secondary payloads fetched, no lateral connections observed.

INFO All canary files intact post-installation 0

Honeypot file accesses at timestamps 1771906075 (before install) and 1771906098 (after install) were performed by the audit harness sudo process as part of baseline checks, not by any skill-originated code. No exfiltration channel confirmed.