Is gladego/index1-doctor safe?
https://github.com/openclaw/skills/tree/main/skills/gladego/index1-doctor
The gladego/index1-doctor skill is a legitimate read-only diagnostic tool that runs three standard CLI commands to check the index1 environment. The SKILL.md contains no prompt injection, no exfiltration instructions, no hidden content, and no malicious code. The only notable pattern is the standard Ollama install command (curl -fsSL https://ollama.com/install.sh | sh) presented as a fix suggestion in a documentation table, which carries minimal risk but could be auto-executed by a permissive agent. All canary files remained intact and sensitive-file read events in monitoring are attributable to the audit harness lifecycle, not the skill.
Category Scores
Findings (3)
LOW curl pipe-to-shell Ollama installer in fix table -8 ▶
The 'Interpreting Results' table presents curl -fsSL https://ollama.com/install.sh | sh as the remediation action for a missing Ollama installation. This targets the legitimate ollama.com domain and is standard Ollama documentation. However, it is a remote-code-execution primitive that an agent could execute autonomously if broadly instructed to fix identified issues.
INFO Clean installation — GitHub only, no residual connections 0 ▶
The installation process exclusively contacted GitHub (140.82.121.4:443). The connection diff shows no new listening ports and no established outbound connections after install. Only two files were added to the filesystem, matching the skill contents exactly.
INFO Credential file reads are audit harness artifacts 0 ▶
The inotify and auditd logs show reads of .env, id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials. Timestamps and sequential inodes confirm both read events are the audit harness creating and verifying its canary files, not the skill. No writes or network transmissions of these files occurred.