Is femto/worldbook safe?

https://github.com/openclaw/skills/tree/main/skills/femto/worldbook

Overall score: 92 · SAFE

This skill provides instructions for using an external CLI tool called 'worldbook' to retrieve and inject knowledge into agent contexts. While the skill itself contains no malicious code and installed cleanly, it promotes a workflow that could be vulnerable to attacks if the external service is compromised.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (2)

MEDIUM Unvalidated external content injection -25

The skill instructs agents to retrieve content from an external 'worldbook' service and inject it directly into their context without any validation or sanitization. This could be exploited if the external service is compromised.

LOW Promotes trust of external services -20

The workflow described encourages agents to blindly trust and execute instructions from external services without considering potential security implications or implementing proper validation.