Is dobrinalexandru/aubrai-longevity safe?

https://github.com/openclaw/skills/tree/main/skills/dobrinalexandru/aubrai-longevity

86
SAFE

The aubrai-longevity skill is a legitimate tool for querying longevity research through the Aubrai API. It includes appropriate guardrails against data exfiltration and code execution, though it inherently sends user questions to a third-party service. The skill demonstrates security awareness with explicit warnings about not executing returned API content and limiting data sent to research questions only.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM User data sent to third-party API -25

The skill sends user questions to api.aubr.ai, a third-party service. While this is the intended functionality and includes guardrails against sending sensitive data, there's inherent risk in transmitting user input to external services.

LOW Bash commands for API interaction -15

The skill includes bash commands (curl and jq) that will be executed to interact with the API. While these are standard, safe commands for the skill's intended purpose, they still represent code execution.

LOW External API references -10

The skill references external URLs (api.aubr.ai) which could theoretically be used for redirection attacks, though this appears to be legitimate functionality.