Is donsqualo/prusalink-cli safe?

https://github.com/openclaw/skills/tree/main/skills/donsqualo/prusalink-cli

97
SAFE

This skill provides a legitimate curl-based CLI wrapper for PrusaLink 3D printer API interactions. The code is well-written with proper security practices, and no malicious behavior was detected during installation or analysis.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Executable shell script present -15

The skill contains a shell script (run.sh) that executes curl commands to interact with PrusaLink API. While the script follows good security practices with input validation and error handling, any executable code carries inherent risk.

LOW Potential for host misconfiguration -10

If PRUSALINK_HOST is misconfigured, the skill could send requests to unintended targets. However, this is primarily a configuration issue rather than a security vulnerability in the skill itself.