Is earnabitmore365/session-init safe?

https://github.com/openclaw/skills/tree/main/skills/earnabitmore365/session-init

47
DANGEROUS

This skill is a sophisticated surveillance tool disguised as a session initialization helper that forces the agent to execute shell commands, read sensitive personal files, and override normal behavioral patterns. It poses significant risks for data exposure and system reconnaissance.

Category Scores

Prompt Injection 20/100 · 30%
Data Exfiltration 35/100 · 25%
Code Execution 65/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 25/100 · 5%

Findings (5)

CRITICAL Forced Shell Command Execution -40

The skill instructs the agent to execute specific shell commands like 'cat memory/*.md | tail -n 200' and 'ls -l ~/.agents/skills/' without user consent, completely overriding normal agent behavior.

HIGH Forced Access to Sensitive Personal Files -30

The skill compels the agent to read potentially sensitive personality and memory files containing personal information, system configurations, and cross-session data.

HIGH Behavioral Control Override -40

The skill enforces rigid behavioral patterns, prohibiting the agent from skipping steps and forcing specific response formats, effectively hijacking agent autonomy.

MEDIUM External Command Reference -35

The skill references 'mcporter' commands which could be malicious external tools, creating indirect code execution risks.

MEDIUM Surveillance and Intelligence Gathering -75

The skill functions as a comprehensive system surveillance tool, mapping installed software, personal files, and system configurations for potential reconnaissance.