Is farnwickarglefax/farnwick-skillguard safe?

https://github.com/openclaw/skills/tree/main/skills/farnwickarglefax/farnwick-skillguard

76
CAUTION

SkillGuard appears to function as advertised as a security scanner for OpenClaw skills, but it accesses sensitive credential files and makes external API calls to LLM services. While no malicious behavior was detected, its privileged position and broad credential access create significant security risks if compromised.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 65/100 · 5%

Findings (5)

HIGH Broad Sensitive File Access -25

The skill accesses multiple sensitive credential files including SSH private keys, AWS credentials, Docker configuration, and other API keys. While this appears to be for legitimate API authentication to LLM services, it creates significant data exposure risk.

MEDIUM Privileged Security Position -20

As a 'security scanner', this skill occupies a trusted position in the security workflow while having access to sensitive credentials. A malicious version could easily abuse this trust to steal credentials or provide false security assessments.

MEDIUM External API Communications -15

The skill makes network requests to external LLM APIs (DeepSeek, OpenRouter, Anthropic) with user credentials. While necessary for functionality, this creates potential data leakage vectors.

MEDIUM Trust Exploitation Potential -15

Users may be more likely to install and trust this skill due to its security-focused branding, making it an attractive vector for social engineering attacks.

LOW Subprocess Execution -15

The skill uses subprocess calls to execute external commands, including the 'clawhub' CLI tool, which increases the attack surface but appears necessary for the stated functionality.