Is eason-tien/jarvis-monitor safe?

https://github.com/openclaw/skills/tree/main/skills/eason-tien/jarvis-monitor

94
SAFE

This skill provides a legitimate JARVIS-style system monitoring dashboard with sci-fi UI elements. It consists of a single HTML file with client-side JavaScript for dashboard functionality and requires users to configure their own health check endpoint.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Client-side JavaScript present -10

The monitor.html file contains JavaScript code for dashboard functionality. While this appears legitimate for the monitoring interface, it represents executable code that runs in the browser.

INFO Hardcoded example IP address -10

Documentation contains a hardcoded example IP address and port (192.168.31.19:8000) that users need to replace with their actual server URL.