Is eypam/pamela-calls safe?

https://github.com/openclaw/skills/tree/main/skills/eypam/pamela-calls

96
SAFE

This skill provides documentation for the Pamela voice calling API service and contains no malicious code or injection attempts. The skill itself is safe documentation that describes how to use a legitimate external API service.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW External URL References -5

The skill references several external domains (developer.thisispamela.com, docs.thisispamela.com, api.thisispamela.com) but these appear to be legitimate documentation links rather than injection vectors.

LOW Code Examples Present -5

The skill contains JavaScript, Python, and bash code examples that users might execute. However, these appear to be legitimate API usage examples rather than malicious code.

MEDIUM External API Service Integration -10

The skill documents integration with an external paid API service that makes actual phone calls. While the skill itself is safe, the service could potentially be misused for unwanted calling if API credentials are compromised.