Is dotcom-squad/telnyx-toolkit safe?
https://github.com/openclaw/skills/tree/main/skills/dotcom-squad/telnyx-toolkit
The dotcom-squad/telnyx-toolkit skill is completely empty — no SKILL.md, no source code, and no package.json were present in the installed directory, meaning it poses no direct security risk in its current state. All monitoring anomalies (canary file reads, repeated clone attempts) are attributable to the Oathe audit infrastructure's own initialization and post-install verification procedures, not to any skill behavior. The skill's empty state is anomalous for a published plugin, and future commits to this path should trigger a mandatory re-audit before deployment.
Findings (4)
INFO Skill directory is completely empty — no files of any kind -3
The cloned and installed skill directory contained no SKILL.md, no source code, no package.json, no configuration files, and no assets. This is highly unusual for a published skill and may indicate an unpublished stub, a failed or cleared commit, or a placeholder registered in the monorepo before content was added.
INFO Canary credential files read by audit infrastructure at init and post-install -12
Six canary files covering all major credential types were opened read-only at two points: audit initialization (establishing baseline) and post-install verification (confirming integrity). Both access groups are fully consistent with Oathe's own canary lifecycle management. No skill-side code could have triggered these reads — the skill is empty. The canary integrity check explicitly confirms no exfiltration occurred.
LOW Install failed with 'destination already exists' — repeated clone attempts by audit harness -18
The audit harness attempted to clone the monorepo at least twice (evidenced by duplicate EXECVE entries for the identical install bash command). The second attempt failed because /tmp/monorepo-clone already existed from the first. This is an audit infrastructure issue, not malicious behavior. The skill itself has no install lifecycle hooks.
INFO Empty skill poses no current risk but warrants monitoring of future commits -12
Because SKILL.md is empty, loading this skill into an agent system prompt injects no instructions and changes no agent behavior. The skill is inert. However, the skill path is registered in the openclaw/skills monorepo and could receive malicious content in a future commit without re-triggering an audit. Any update to this skill path should be re-audited before deployment.