Is foeken/spots safe?

https://github.com/openclaw/skills/tree/main/skills/foeken/spots

Overall score: 88/100 · Verdict: SAFE

The foeken/spots skill is a personal Google Places search tool whose content is documentation only: no embedded executable code, no prompt-injection payloads, and no exfiltration logic. All canary files remained intact and no unexpected network connections were observed during installation. Two residual risks remain: the documented install of an external Go binary (github.com/foeken/spots), whose supply-chain integrity is outside the scope of this audit, and a 1Password secret reference that an agentic LLM could read as an instruction to look up the credential.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 78/100 · 20%
Clone Behavior 87/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 82/100 · 5%

Findings (4)

LOW External binary installation reference -22

The skill documents installing an external Go binary via 'go install github.com/foeken/spots@latest'. If an LLM agent executed this on behalf of the user, it would download and compile code from an external repository that this audit did not review. The '@latest' query is also unpinned: it resolves to whatever version the module proxy currently reports, so the fetched code can differ between runs. The skill itself contains no malicious code, but the trust boundary shifts to the referenced repository; pinning to a tagged release or commit narrows that exposure without removing it.

LOW 1Password vault URI may be treated as actionable by agent -12

The skill includes the line 'Key stored in 1Password: op://Echo/Google API Key/credential'. An LLM agent with the 1Password CLI (op) available could treat this as an instruction to retrieve the credential, since the CLI resolves such references directly (for example with 'op read'). This is most likely developer documentation rather than a malicious directive, but in an agentic context it could trigger credential access the user did not intend. Whether that happens depends on the agent's tool permissions, not on anything else in the skill.
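A scanner for the two documentation patterns flagged in the findings above (an install command that pulls unpinned code from an external repository, and a secret-manager reference an agent could resolve), as an added example that is not part of the skill or of this audit's tooling. The sample document is constructed to mirror the two quoted lines and is not the skill's real file; the curl-pipe-to-shell check goes beyond what the page shows and is included as a related pattern.

```python
"""Flag documentation lines an LLM agent might act on.

Added example; not code from foeken/spots or from the audit pipeline.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # "unpinned-install", "pipe-to-shell" or "secret-reference"
    line_no: int   # 1-based line number within the scanned document
    text: str      # the matched fragment


# Constructed sample mirroring the two lines the audit quotes (assumption:
# the real SKILL file has more content; only these two lines are grounded).
SAMPLE_SKILL_DOC = """\
# spots

Personal Google Places search tool.

## Install

    go install github.com/foeken/spots@latest

## Configuration

Set GOOGLE_PLACES_API_KEY in your environment.
Key stored in 1Password: op://Echo/Google API Key/credential
"""

GO_INSTALL_RE = re.compile(r"\bgo\s+install\s+(?P<path>[^\s@]+)@(?P<version>\S+)")
# curl/wget output piped straight into a shell: remote code run unreviewed
PIPE_TO_SHELL_RE = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")
# 1Password secret reference; vault and item names may contain spaces
SECRET_REF_RE = re.compile(r"\bop://[^\n]+")
SEMVER_RE = re.compile(r"v\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?")
COMMIT_RE = re.compile(r"[0-9a-f]{7,40}")


def is_pinned(version: str) -> bool:
    """A tagged release or commit hash names one fixed revision; '@latest'
    and branch names resolve to whatever the upstream currently serves."""
    return bool(SEMVER_RE.fullmatch(version) or COMMIT_RE.fullmatch(version))


def scan_skill_doc(text: str) -> list[Finding]:
    """Return findings in document order; a line may yield several."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = GO_INSTALL_RE.search(line)
        if m and not is_pinned(m.group("version")):
            target = f"{m.group('path')}@{m.group('version')}"
            findings.append(Finding("unpinned-install", line_no, target))
        m = PIPE_TO_SHELL_RE.search(line)
        if m:
            findings.append(Finding("pipe-to-shell", line_no, m.group(0).strip()))
        m = SECRET_REF_RE.search(line)
        if m:
            # trim trailing sentence punctuation that is not part of the reference
            findings.append(Finding("secret-reference", line_no, m.group(0).rstrip(" .,;)")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. for a score deduction table."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_skill_doc(SAMPLE_SKILL_DOC):
        print(f"{f.kind:<18} line {f.line_no}: {f.text}")
    print(summarize(scan_skill_doc(SAMPLE_SKILL_DOC)))
```

The scanner only surfaces text an agent could turn into an action; it cannot judge intent, which is why the report grades both lines LOW rather than as injection. A pinned install such as 'go install github.com/foeken/spots@v1.2.3' (version chosen for illustration) produces no finding, while the secret reference is reported regardless of surrounding wording.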

INFO Google Places API key required and used at runtime -8

The skill requires a Google API key (GOOGLE_PLACES_API_KEY) that is passed to the external binary. This is the expected, documented behavior. API queries go directly to Google's Places API. No evidence of the key being sent to any other endpoint.

INFO Normal network activity during install -13

The clone fetched only the openclaw/skills monorepo from GitHub, using sparse-checkout to retrieve the foeken/spots subpath. No additional network connections were initiated by the skill itself.