Is flotapponnier/mobula safe?

https://github.com/openclaw/skills/tree/main/skills/flotapponnier/mobula

Overall score: 85/100 · SAFE

The Mobula skill is a well-documented crypto market data API wrapper with no malicious indicators: no prompt injection, no hidden instructions, no executable code, no suspicious network activity, and no canary file exfiltration. The risk profile centers entirely on intentional third-party data exposure: wallet addresses and API usage metadata are transmitted to Mobula's servers as a necessary consequence of the skill's function, and the skill itself discloses this. The autonomous heartbeat monitoring feature compounds the exposure, because once monitoring is configured the transmissions recur without per-action user consent.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 72/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (6)

MEDIUM User wallet addresses transmitted to third-party Mobula API -15

Every wallet portfolio query, transaction history lookup, and heartbeat monitoring cycle transmits user-provided wallet addresses to api.mobula.io. While this is disclosed in the skill's Privacy & Security section and is architecturally necessary for its stated function, it means Mobula receives every queried wallet address, can correlate it with the calling API key, and retains it under its own logging policies. Users who want financial privacy cannot use this skill without accepting this exposure.

LOW API key and usage metadata transmitted to third-party -8

The MOBULA_API_KEY environment variable is sent as an Authorization header on every API request. Mobula can associate all requests (wallet addresses, tokens queried, query frequency) with the specific API key, building a usage profile. Key compromise at Mobula would expose query history.

LOW Autonomous recurring API polling via heartbeat without per-action consent -7

Once a user activates monitoring (wallet guardian, whale watching, token scout), the skill instructs the agent to automatically call Mobula API endpoints every ~30 minutes via OpenClaw's heartbeat system. This creates ongoing third-party data transmission without requiring the user to explicitly authorize each API call. Users may not realize they are continuously sending wallet data to Mobula after initial setup.

LOW Persistent financial activity profiling at third-party infrastructure -10

Extended use of heartbeat monitoring, particularly whale wallet tracking and portfolio guardian patterns, creates a long-running log at Mobula's servers correlating an API key with specific wallet addresses and their transaction patterns. Over weeks or months this could reveal the user's investment strategies, organizational affiliations, or trading behaviors to Mobula as a data controller.

INFO Canary file accesses detected but confirmed intact with audit-infrastructure explanation -5

Audit syscall logs show accesses to the canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) at two timestamps. The accesses at 1771933690 precede the git clone and align with GNOME/PAM session startup. The accesses at 1771933712 occur after the audit script finished reading all skill files, matching the expected timing of the audit system's post-install canary integrity check. No modification, network transmission, or encoding of canary content was detected.
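The reasoning behind this finding is a timing argument: a canary access is benign only if it is read-only and falls either before the clone (session startup) or after the audit script has finished reading the skill (the integrity check), and anything else during the install window is a signal. The following Python is an added example for this report, not the audit system's own code. It works on a constructed, simplified auditd-style line format; the process allowlist, the audit interpreter name, the skill path and the sample records are all hypothetical. The clean log mirrors the timestamps quoted above, and a second log adds two records a malicious skill would produce so the classifier can be seen firing.

```python
"""Classify audit-log accesses to canary files around a skill install.

Added example for this report, not the audit system's own code. The line
format is a constructed, simplified auditd-style record; process names,
the allowlist and the skill path are hypothetical.
"""
import re

CANARY_SUFFIXES = (".env", ".ssh/id_rsa", ".aws/credentials", ".npmrc",
                   ".docker/config.json",
                   ".config/gcloud/application_default_credentials.json")
# Hypothetical allowlist: processes that legitimately touch these files at login.
SESSION_PROCS = {"gnome-session-binary", "gnome-keyring-daemon", "sshd", "systemd"}
AUDIT_EXE = "python3"                  # hypothetical: the audit script's interpreter
SKILL_DIR = "/home/u/skills/mobula/"   # hypothetical install path
WRITE_OPS = {"rename", "unlink", "truncate", "chmod"}

LINE_RE = re.compile(r"ts=(\d+) exe=(\S+) path=(\S+) op=(\S+) flags=(\S*)")

# Constructed clean log: canary reads by session processes at 1771933690, a git
# clone, the audit script reading skill files, then canary reads by the audit
# script at 1771933712 (the post-install integrity check).
CLEAN_LOG = """\
ts=1771933690 exe=/usr/libexec/gnome-session-binary path=/home/u/.env op=open flags=O_RDONLY
ts=1771933690 exe=/usr/sbin/sshd path=/home/u/.ssh/id_rsa op=open flags=O_RDONLY
ts=1771933695 exe=/usr/bin/git path=/home/u/skills/mobula/SKILL.md op=open flags=O_WRONLY|O_CREAT
ts=1771933705 exe=/usr/bin/python3 path=/home/u/skills/mobula/SKILL.md op=open flags=O_RDONLY
ts=1771933706 exe=/usr/bin/python3 path=/home/u/skills/mobula/_meta.json op=open flags=O_RDONLY
ts=1771933712 exe=/usr/bin/python3 path=/home/u/.aws/credentials op=open flags=O_RDONLY
ts=1771933712 exe=/usr/bin/python3 path=/home/u/.npmrc op=open flags=O_RDONLY
"""

# Constructed: the same log plus two records a malicious skill would produce,
# a read by an unexpected process inside the install window and a write.
BAD_LOG = CLEAN_LOG + """\
ts=1771933708 exe=/usr/bin/node path=/home/u/.ssh/id_rsa op=open flags=O_RDONLY
ts=1771933709 exe=/usr/bin/node path=/home/u/.env op=open flags=O_WRONLY|O_TRUNC
"""


def parse(log):
    """Parse the simplified records and return them sorted by timestamp."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, exe, path, op, flags = m.groups()
        records.append({"ts": int(ts), "exe": exe, "name": exe.rsplit("/", 1)[-1],
                        "path": path, "op": op, "flags": flags})
    return sorted(records, key=lambda r: r["ts"])


def is_canary(path):
    return path.endswith(CANARY_SUFFIXES)


def is_write(rec):
    """Any operation that could modify a canary counts as a write."""
    return (rec["op"] in WRITE_OPS or "O_WRONLY" in rec["flags"]
            or "O_RDWR" in rec["flags"])


def classify(records):
    """Split canary accesses into expected (explained by timing) and suspicious."""
    git_ts = [r["ts"] for r in records if r["name"] == "git"]
    if not git_ts:
        raise ValueError("no git clone found in log; cannot place the install window")
    clone_start = min(git_ts)
    last_skill_read = max(r["ts"] for r in records
                          if r["name"] == AUDIT_EXE and r["path"].startswith(SKILL_DIR))
    expected, suspicious = [], []
    for r in records:
        if not is_canary(r["path"]):
            continue
        if is_write(r):
            suspicious.append((r["ts"], r["path"], "write/modify by " + r["name"]))
        elif r["ts"] < clone_start and r["name"] in SESSION_PROCS:
            expected.append((r["ts"], r["path"], "session startup"))
        elif r["ts"] >= last_skill_read and r["name"] == AUDIT_EXE:
            expected.append((r["ts"], r["path"], "post-install canary integrity check"))
        else:
            suspicious.append((r["ts"], r["path"],
                               "read during install window by " + r["name"]))
    return {"expected": expected, "suspicious": suspicious}


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("bad", BAD_LOG)):
        verdict = classify(parse(log))
        print(label, "suspicious:", verdict["suspicious"])
```

The important design choice is that the window boundaries are derived from the log itself (first git record, last skill-file read by the audit interpreter) rather than hard-coded, so the same classifier applies to any install whose clone and read phases are visible in the trace. A write to a canary is flagged regardless of timing, since no phase of a benign install should modify one.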

INFO No executable code, install hooks, or binary payloads present 0

Complete inspection of skill contents found only documentation and metadata files. No scripts, binaries, npm install hooks, git hooks, submodules, or symlinks outside the skill directory were present.
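The inspection described in this finding is mechanical enough to script. The following Python is an added example for this report, not the audit tool's own checker: it walks a skill directory and flags executable bits, script and binary magic numbers, code file extensions, npm lifecycle hooks in package.json, git hooks, .gitmodules, and symlinks that resolve outside the skill directory. The fixture builder constructs a clean documentation-only skill and a deliberately bad one in a temporary directory; file names, hook names and contents are all constructed for the example.

```python
"""Static inspection of a skill directory for executable content.

Added example for this report, not the audit tool's own code. The fixture
skills, file names and hook contents are constructed. Assumes a POSIX
filesystem (symlinks, mode bits).
"""
import json
import os
import stat
import tempfile
from pathlib import Path

CODE_EXTS = {".py", ".sh", ".js", ".ts", ".rb", ".pl", ".exe", ".so", ".dylib"}
MAGIC = {b"\x7fELF": "ELF binary", b"MZ": "PE binary",
         b"\xcf\xfa\xed\xfe": "Mach-O binary", b"#!": "shebang script"}
NPM_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}


def inspect_skill(root):
    """Return a list of (kind, relative_path) findings for a skill directory."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):   # does not follow symlinks
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                target = p.resolve()
                if target != root and root not in target.parents:
                    findings.append(("symlink-escape", rel))
                continue
            if p.is_dir():
                continue
            if p.stat().st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append(("exec-bit", rel))
            if rel.startswith(".git/hooks/"):
                findings.append(("git-hook", rel))
            if p.suffix.lower() in CODE_EXTS:
                findings.append(("code-extension", rel))
            head = p.read_bytes()[:4]
            for magic, label in MAGIC.items():
                if head.startswith(magic):
                    findings.append((label, rel))
            if name == "package.json":
                scripts = json.loads(p.read_text()).get("scripts", {})
                for hook in sorted(set(scripts) & NPM_HOOKS):
                    findings.append(("npm-hook:" + hook, rel))
            if name == ".gitmodules":
                findings.append(("submodule", rel))
    return findings


def make_fixture(kind):
    """Build a constructed skill directory: 'clean' (docs only) or 'bad'."""
    d = Path(tempfile.mkdtemp(prefix="skill-"))
    (d / "SKILL.md").write_text("# Example skill\n")
    (d / "_meta.json").write_text(json.dumps({"name": "example"}))
    if kind == "bad":
        (d / "package.json").write_text(
            json.dumps({"scripts": {"postinstall": "node setup.js"}}))
        script = d / "setup.js"
        script.write_text("#!/usr/bin/env node\nconsole.log('hi');\n")
        script.chmod(0o755)
        hooks = d / ".git" / "hooks"
        hooks.mkdir(parents=True)
        hook = hooks / "post-checkout"
        hook.write_text("#!/bin/sh\ntrue\n")
        hook.chmod(0o755)
        (d / ".gitmodules").write_text("[submodule \"x\"]\n\tpath = x\n")
        os.symlink("/etc/passwd", d / "notes.md")   # escapes the skill directory
    return d


if __name__ == "__main__":
    for kind in ("clean", "bad"):
        print(kind, inspect_skill(make_fixture(kind)))
```

Note that the magic-number check is what catches a script or binary renamed to a harmless extension, and the symlink check resolves the target before comparing, so a relative link such as `../../etc/passwd` is caught the same way as an absolute one.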