Is dorogoy/miniflux-skill safe?

https://github.com/openclaw/skills/tree/main/skills/dorogoy/miniflux-skill

92
SAFE

This skill provides legitimate RSS feed management functionality through the Miniflux API. It contains clean documentation and well-structured code with no malicious behavior detected during installation or analysis.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Requires API credentials -5

The skill requires MINIFLUX_TOKEN environment variable containing API credentials for authentication with Miniflux instance

LOW Executes shell and Python code -5

The skill contains executable shell script and Python code that runs with user permissions to manage RSS feeds

LOW Network connectivity required -5

The skill makes network requests to Miniflux instances for RSS feed management operations