Is fermions75/deen-time safe?

https://github.com/openclaw/skills/tree/main/skills/fermions75/deen-time

Overall score: 96 (SAFE)

Deen Time is a well-scoped, read-only skill that fetches Islamic prayer times from the public Aladhan API. Static analysis of SKILL.md reveals no prompt injection, persona hijacking, hidden instructions, or data exfiltration patterns. Runtime monitoring confirmed no unexpected network connections, no sensitive file access by the skill itself, intact canary files, and no executable code in the install package. The only notable observations are that curl uses -L redirect-following (a standard but theoretically abusable flag) and that user location data is transmitted to the third-party API as documented.

Category Scores

Prompt Injection: 95/100 (weight 30%)
Data Exfiltration: 97/100 (weight 25%)
Code Execution: 99/100 (weight 20%)
Clone Behavior: 98/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 92/100 (weight 5%)

Findings (5)

LOW: curl -L follows HTTP redirects (-5)

All example curl commands use the -L flag, which causes curl to transparently follow HTTP redirects. If api.aladhan.com were compromised via DNS hijacking, BGP hijacking, or supply-chain attack, the agent would silently send requests to the attacker-controlled endpoint. The risk is bounded by the fact that only location query parameters and a method integer are sent — no credentials or sensitive data.

INFO: User location data sent to third-party API (-3)

City name, country, coordinates, and a date are transmitted to api.aladhan.com on every invocation. This is expected behavior, fully disclosed in the Privacy section of SKILL.md. No personal identifiers, credentials, or device information are included.

INFO: Pre-existing network connection to 185.125.188.54:443 (-2)

A connection to 185.125.188.54:443 (Canonical/Ubuntu servers) was present before install and was gone after. This is an OS-level background connection unrelated to the skill.

INFO: Canary files read by audit framework, not by skill (0)

Reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials occurred at audit timestamps 1771932993.490 (pre-install baseline) and 1771933018.187 (post-install verification). These are consistent with the Oathe audit harness taking integrity snapshots, not with any action by the skill. All files remained unmodified.

INFO: No executable code present (-1)

The skill ships only four files: SKILL.md, README.md, claw.json, and _meta.json. No scripts, binaries, or build artifacts are present. The install process is a pure file copy with no code execution.