Is generaljerel/copilotkit-react safe?

https://github.com/openclaw/skills/tree/main/skills/generaljerel/copilotkit-react

95
SAFE

The generaljerel/copilotkit-react skill is a pure documentation package containing 25 CopilotKit React best-practice rules across markdown files with no executable code, no install scripts, no git hooks, and no data exfiltration mechanisms. All canary files were confirmed intact, and observed canary file accesses in audit logs predate the skill installation and are attributable to the audit framework itself. The only minor concerns are an author attribution discrepancy (community contributor claiming 'copilotkit' authorship) and examples that guide users toward Copilot Cloud, both of which are transparent and non-malicious.

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW External documentation URLs referenced in SKILL.md -4

SKILL.md and rule files contain multiple references to docs.copilotkit.ai URLs. While these are legitimate documentation links for the CopilotKit library, an agent with web browsing capabilities could theoretically be directed to fetch them. The skill does not instruct the agent to fetch these URLs — they are presented as reference links only.

LOW Canary files accessed in audit logs — confirmed audit-framework reads -8

Inotify and auditd logs record opens and reads of sensitive canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials). However, timeline analysis shows the first batch of accesses (timestamp 1771921968.569) predates the skill clone by approximately 5 seconds (clone at 1771921974.100), confirming these are baseline reads by the audit infrastructure. The canary integrity check confirms all files are intact. Deducting minimally to flag the anomaly.

INFO Author attribution discrepancy: claims 'copilotkit' authorship under 'generaljerel' account -5

The SKILL.md frontmatter declares 'author: copilotkit', while _meta.json identifies the owner as 'generaljerel'. This suggests a community contributor may be publishing guidelines under the CopilotKit name without being the official organization. This is not malicious but could mislead users about official endorsement.

INFO Code examples route users toward Copilot Cloud (publicApiKey pattern) -7

Several examples in AGENTS.md demonstrate the publicApiKey prop (e.g., publicApiKey='ck_pub_...'), which routes all agent traffic through CopilotKit's commercial cloud service. An agent following this skill's advice when generating application code would produce apps that connect to an external SaaS backend. This is documented and expected CopilotKit behavior, not malicious.