Is edwardrodriguez703-design/book-facial safe?

https://github.com/openclaw/skills/tree/main/skills/edwardrodriguez703-design/book-facial

92
SAFE

This skill provides documentation for booking facial services through Lokuli's MCP server endpoint. The skill contains only documentation files with no executable code or malicious content. While some sensitive canary files were accessed during the audit period, this appears to be related to the monitoring system rather than the skill itself, and no exfiltration occurred.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Sensitive file access during monitoring -15

Multiple canary files containing fake credentials were accessed during the audit period, including .env, SSH keys, AWS credentials, and other sensitive files. However, no modifications or exfiltration was detected.

INFO Minor typo in skill title -5

The skill title contains a typo ('uook facial' instead of 'book facial') which could be an error or obfuscation attempt, but appears benign.