Is drkraft/basecamp-cli-mcp safe?

https://github.com/openclaw/skills/tree/main/skills/drkraft/basecamp-cli-mcp

98
SAFE

This is a legitimate CLI tool and MCP server for Basecamp 4 integration that implements proper OAuth 2.0 authentication and follows standard development practices. The code is well-structured with comprehensive test coverage and appears to have no malicious functionality.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

LOW Executable CLI application -5

This skill contains executable TypeScript/JavaScript code that implements CLI commands for Basecamp integration. However, the code appears legitimate with proper structure, comprehensive tests, and follows standard CLI patterns.

LOW Broad Basecamp API access -15

The skill provides extensive access to Basecamp 4 API functionality including projects, todos, messages, and other sensitive data. While this is the stated purpose, it could potentially be misused if credentials are compromised.