Is efe-arv/sigil-security safe?

https://github.com/openclaw/skills/tree/main/skills/efe-arv/sigil-security

94
SAFE

This skill provides documentation for integrating with the Sigil Protocol cryptocurrency wallet API designed for AI agents. It contains no executable code and appears to be a legitimate financial service with appropriate safety mechanisms. All monitoring shows normal behavior with no data exfiltration or malicious activity detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

LOW External API Dependency -10

The skill connects to external Sigil API endpoints at api.sigil.codes for cryptocurrency wallet operations. While this is the intended functionality, it involves sending financial data to a third-party service.

INFO Financial Data Handling -15

The skill enables AI agents to perform cryptocurrency transactions, which carries inherent financial risk. However, the Sigil system appears designed with appropriate safety mechanisms including spending limits, multi-signature requirements, and permission scoping.

INFO API Credentials Required -5

The skill requires sensitive API credentials (SIGIL_API_KEY, SIGIL_ACCOUNT_ADDRESS) to be stored in environment variables. These are necessary for legitimate functionality but represent sensitive data.