Is frozeman/universal-profile safe?

https://github.com/openclaw/skills/tree/main/skills/frozeman/universal-profile

95
SAFE

This is a comprehensive and legitimate Universal Profile skill for LUKSO blockchain operations, with extensive documentation and testing. The skill provides powerful blockchain functionality including token management, DEX operations, and cross-chain deployments, but shows no signs of malicious behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

INFO JavaScript execution capabilities -15

Skill contains JavaScript/TypeScript code that will execute in the agent environment, including blockchain transaction capabilities and private key management

INFO High-privilege blockchain operations -10

Skill provides extensive blockchain functionality including private key operations, token transfers, and smart contract interactions which could be misused if compromised

LOW Complex documentation -5

Extensive documentation with many configuration options and external service integrations increases surface area for potential misuse