Is drgeld/flashcards-podcasts-master safe?

https://github.com/openclaw/skills/tree/main/skills/drgeld/flashcards-podcasts-master

88
SAFE

This EchoDecks flashcard management skill appears legitimate and safe for installation. The main concerns are a syntax error in the Python code that could cause malfunctions and the dependency on an external API service. No malicious behavior was detected during installation monitoring.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Syntax Error in Python Code -25

Line 190 contains a syntax error: 'args = parser.parse_active_recall = parser.parse_args()' should be 'args = parser.parse_args()'. This appears to be a copy-paste error that could cause the script to malfunction.

LOW External API Key Requirement -15

The skill requires an ECHODECKS_API_KEY environment variable to function. While this is for legitimate API access, it represents a potential data flow to an external service.

LOW External Service Dependency -15

The skill depends entirely on the EchoDecks external service. If the service were compromised or changed its behavior, it could affect the skill's security posture.