Is gitgoodordietrying/encoding-formats safe?

https://github.com/openclaw/skills/tree/main/skills/gitgoodordietrying/encoding-formats

96
SAFE

The encoding-formats skill is a pure reference document containing bash, Python, and JavaScript examples for standard encoding operations. Static analysis of SKILL.md reveals no prompt injection, hidden instructions, exfiltration logic, or executable payload. Filesystem and network monitoring confirm a clean install with no canary compromise, no new persistent connections, and no writes outside the skill directory. The only noteworthy items are a minor shell-injection pattern in a documentation code snippet and the expected dual-use nature of encoding utilities, neither of which represents active malicious behavior.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 93/100 · 25%
Code Execution 96/100 · 20%
Clone Behavior 97/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 91/100 · 5%

Findings (4)

LOW Shell injection risk in Quick Decode Script documentation -4

The Quick Decode Script example uses python3 -c "from urllib.parse import unquote; print(unquote('$INPUT'))" where $INPUT is directly interpolated into the shell command. If an agent were instructed to save and execute this script with untrusted input, a crafted string like '); import os; os.system('id'); # could achieve code execution. This is documentation code, not an auto-run script, but agents capable of writing and executing shell scripts could misuse this pattern if instructed to do so.

INFO Sensitive credential files opened during monitoring period -7

Filesystem and auditd monitoring recorded open/access syscalls against .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP application_default_credentials.json at timestamps corresponding to the audit system's own canary file baselining runs (pre-install at 1771940392 and post-install at 1771940412). No writes occurred and canary integrity was confirmed clean. These accesses are attributable to the oathe monitoring infrastructure, not to skill code. Recorded as an informational finding for audit completeness.

INFO Encoding utilities have theoretical dual-use potential -9

Base64, hex, and URL encoding functions are standard obfuscation primitives used in data exfiltration chains. This skill provides accurate reference implementations for all of them. A malicious agent context (compromised by a separate vector) could use this skill's guidance to encode stolen data before transmission. The skill itself contains no instructions to do this and is structurally identical to standard developer documentation.

INFO Pre-existing outbound connection to Ubuntu infrastructure -3

A connection to 185.125.188.57:443 (Canonical/Ubuntu) was already established at install start — visible in the BEFORE connection snapshot. This is unrelated to the skill and represents normal Ubuntu update/MOTD infrastructure activity. Noted for completeness.