Is double729/double729-plansuite safe?

https://github.com/openclaw/skills/tree/main/skills/double729/double729-plansuite

94
SAFE

PlanSuite is a project planning and execution workflow skill with no malicious content. The SKILL.md is entirely Markdown-based, contains no executable code, no prompt injection patterns, and no instructions to access sensitive files or exfiltrate data. The only notable finding is that the developer accidentally shipped their personal .clawhub/lock.json inside the package, which is a packaging error rather than an attack. All canary files remained intact and canary integrity checks passed.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 93/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Developer environment lock file accidentally included in skill package -7

.clawhub/lock.json inside the skill distribution lists a separately-installed skill (academic-research-hub v0.1.0). This file appears to have been accidentally copied from the developer's own ClawHub environment rather than being intentionally crafted. It does not execute, but reveals information about the author's installed skill set and represents poor packaging hygiene.

INFO Skill content primarily in Chinese, limiting review accessibility -7

The majority of SKILL.md workflow instructions are written in Simplified Chinese. This is not a security issue, but it reduces the ability of non-Chinese-reading users and security reviewers to fully audit the behavioral instructions. No injection content was found after full translation review.

INFO Post-install openclaw-gatewa connections to external AWS endpoints -12

After skill installation, the openclaw-gatewa process maintained established TCP connections to 44.214.208.192:443 (AWS). These connections are from the OpenClaw evaluation infrastructure itself and are not attributable to any instruction or artifact in the skill package.