Is ericxliu1990/gitea safe?

https://github.com/openclaw/skills/tree/main/skills/ericxliu1990/gitea

Score: 95/100
Verdict: SAFE

The ericxliu1990/gitea skill is a clean, documentation-only wrapper for the tea CLI that contains no prompt injection, executable code, or exfiltration logic. All canary files remained intact and the installation contacted only GitHub as expected. The primary residual concerns are the inherent capability risk of the documented CI/CD secret management and force-delete operations, which are within scope for a Gitea management skill but could be misused in adversarial prompt scenarios.

Category Scores (score · weight)

Prompt Injection 97/100 · 30%
Data Exfiltration 93/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW CI/CD secret management commands documented -5

The skill includes tea commands for listing and creating repository action secrets. Listing and creation are legitimate Gitea administration tasks, and Gitea's API returns only secret names and metadata, never stored values, so the realistic misuse is not reading secrets back but an agent that is social-engineered into creating or overwriting a secret with attacker-chosen values, or into echoing a secret value it was handed in the prompt into tea arguments or chat output.

LOW Destructive operations included without explicit warnings -8

Force-delete of repositories and arbitrary webhook creation are documented without any cautionary framing. An agent following this skill in a confused or manipulated state could force-delete a repository, which is irreversible, or register a webhook that forwards repository events to an attacker-controlled URL.
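To make the two findings above (secret-handling commands and destructive operations without cautionary framing) checkable rather than a matter of reading, here is an added example that is not code from the skill, the tea project, or the audit tooling: a small Python lint that walks a skill's markdown, picks out fenced commands that touch secrets, webhooks, or deletion, and reports whether any cautionary wording appears in the same section. The SKILL.md it runs on is constructed for this illustration; its command syntax is illustrative and not verified against the tea CLI, and the keyword lists are assumptions a reviewer would tune to their own threat model.

```python
"""Lint an agent skill's markdown for risky commands lacking cautionary framing.

Added example; the sample skill text below is constructed and its command
syntax is illustrative, not copied from the audited skill or the tea CLI.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Command text a reviewer treats as high impact when an autonomous agent runs it.
# These keyword lists are assumptions for the example, not an audit standard.
RISKY_PATTERNS = {
    "destructive": re.compile(r"\b(delete|remove|purge|rm)\b|(?<!\S)(--force|-f)(?!\S)", re.I),
    "secret": re.compile(r"\bsecrets?\b", re.I),
    "webhook": re.compile(r"\bwebhooks?\b", re.I),
}
# Words that count as cautionary framing when found in the command's section.
CAUTION = re.compile(r"\b(warning|caution|irreversible|destructive|confirm|never|do not|only if)\b", re.I)
FENCE = re.compile(r"^\s*(```|~~~)")


@dataclass
class Finding:
    line_no: int    # 1-based line number in the markdown
    category: str   # key of RISKY_PATTERNS
    command: str
    framed: bool    # True when cautionary wording was found in context


def _line_kinds(lines: list[str]) -> list[str]:
    """Classify every line as 'fence', 'code' (inside a fence) or 'prose'."""
    kinds, inside = [], False
    for ln in lines:
        if FENCE.match(ln):
            inside = not inside
            kinds.append("fence")
        else:
            kinds.append("code" if inside else "prose")
    return kinds


def _context(lines: list[str], kinds: list[str], i: int) -> str:
    """The command line, the prose of its section back to the nearest markdown
    heading, and any code comments passed on the way."""
    ctx = [lines[i]]
    for j in range(i - 1, -1, -1):
        kind, text = kinds[j], lines[j].strip()
        if kind == "fence" or not text:
            continue
        if kind == "code":
            if text.startswith("#"):   # shell comment inside a fence
                ctx.append(text)
            continue
        ctx.append(text)
        if text.startswith("#"):       # markdown heading: section boundary
            break
    return "\n".join(ctx)


def scan_skill(md: str) -> list[Finding]:
    """Return one Finding per fenced command matching a risky pattern."""
    lines = md.splitlines()
    kinds = _line_kinds(lines)
    findings = []
    for i, ln in enumerate(lines):
        cmd = ln.strip()
        if kinds[i] != "code" or not cmd or cmd.startswith("#"):
            continue
        for category, pattern in RISKY_PATTERNS.items():
            if pattern.search(cmd):
                framed = bool(CAUTION.search(_context(lines, kinds, i)))
                findings.append(Finding(i + 1, category, cmd, framed))
    return findings


def unframed(findings: list[Finding]) -> list[Finding]:
    """The subset a reviewer would write up as 'documented without warnings'."""
    return [f for f in findings if not f.framed]


# Constructed sample skill; commands are illustrative, not verified tea syntax.
SAMPLE_SKILL = """\
# Gitea skill (constructed sample, not the audited skill)

## Repositories

List repos:

~~~sh
tea repos list
~~~

Delete a repository:

~~~sh
tea repos delete --force myorg/old-repo
~~~

## Secrets

Warning: secret values are write-only in Gitea; never echo them into chat output.

~~~sh
tea actions secrets create myorg/app DEPLOY_KEY
~~~

## Webhooks

~~~sh
tea webhooks create myorg/app --url https://example.invalid/hook
~~~
"""

if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        status = "framed" if f.framed else "NO WARNING"
        print(f"line {f.line_no}: [{f.category}] {f.command}  ({status})")
```

Run against the constructed sample, the delete and webhook commands are reported without framing while the secret command is not, which mirrors how the two findings above split: the secrets section carries a warning, the destructive sections do not. The section-boundary rule matters; a warning in one section must not excuse a command in the next.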

INFO No canary exfiltration detected 0

All honeypot files remained unmodified throughout the audit window. Observed canary file accesses are attributable to the audit framework's own setup and verification sweeps.

INFO No executable code in skill 0

The skill is pure markdown documentation with no scripts, hooks, or executable artifacts of any kind.