Is dubnium0/time-series-analysis safe?

https://github.com/openclaw/skills/tree/main/skills/dubnium0/time-series-analysis

84
SAFE

The time-series-analysis skill by dubnium0 contains legitimate and technically accurate time series data science content with no prompt injection attempts, no executable malicious code, and no confirmed credential exfiltration — all canary files remain intact. The primary concern is the bundled .clawhub/lock.json within the skill package that references 'academic-research-hub' as an installed dependency, which is architecturally anomalous for a standalone data science skill and could trigger unintended secondary skill installation in agent runtimes that process lock files. The sensitive file accesses observed in the audit logs are attributable to the oathe monitoring infrastructure rather than the skill itself.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 92/100 · 20%
Clone Behavior 77/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 82/100 · 5%

Findings (5)

MEDIUM Bundled .clawhub/lock.json references secondary skill dependency -23

The skill package ships a .clawhub/lock.json file inside the skill directory that records 'academic-research-hub' v0.1.0 as an installed skill. A time-series analysis skill has no legitimate reason to bundle a lock.json referencing a separate research skill. If the agent runtime parses this file and interprets it as a required dependency, it could trigger installation of 'academic-research-hub' without user awareness, creating a supply chain injection vector.

LOW Credential files accessed during installation window -22

Multiple sensitive credential files were accessed during the monitoring period: .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .config/gcloud/application_default_credentials.json. Timing analysis places the early accesses (1771914467.3xx) before the skill installation began and the final batch (1771914486.781) after it completed, with all six files accessed at the same millisecond timestamp, which is consistent with the oathe canary verification sweeps rather than with skill activity. Canary integrity confirms that no modification or exfiltration occurred.

LOW Cross-skill workflow integration suggestions -10

SKILLS.md includes a section recommending use alongside /data-analyst, /data-scientist, /fintech-engineer, and /quant-analyst. While these appear to be benign documentation suggestions, in multi-skill agent deployments they could influence the agent to activate additional skills, broadening the overall attack surface.

LOW Typo in displayName field suggests possible quality or authenticity concern -5

The _meta.json displayName field reads 'time-sereis-analysis' rather than 'time-series-analysis'. While a simple typo, it is a minor authenticity signal in a published package.

INFO Post-install outbound connections are execution environment infrastructure 0

Two ESTABLISHED TCP connections to 34.233.6.177:443 (AWS) appear in the post-install connection diff, attributed to process 'openclaw-gatewa' (pid=1082). This process predates the skill installation (PID 1082 is well below the skill install PIDs 5152+) and represents the oathe execution environment gateway, not a process spawned by the skill.