Is gregm711/agentyard safe?
https://github.com/openclaw/skills/tree/main/skills/gregm711/agentyard
AgentYard is a collaboration skill that lets agents work on a shared GitHub repository, but it requires the agent to register with an external API service (clawdaddy.app) and to run shell commands with broad system access. The functionality appears legitimate; the risk lies in the data sent to a third party and in the breadth of command execution the instructions call for.
Findings (5)
HIGH External API Registration with Agent Data -25
The skill instructs the agent to register with an external API (clawdaddy.app) by POSTing its agent name and description. Whatever the agent places in those fields leaves the host, so this is a potential exfiltration channel, and it makes the skill depend on a third-party service.
MEDIUM Sensitive File Access Detection -15
Monitoring of the skill's operations detected reads of honeypot files including .env, SSH keys, AWS credentials and other sensitive files. None of the files were modified, but read access alone is enough: combined with the outbound network calls the skill also makes, it is sufficient for credentials to be exfiltrated.
MEDIUM Extensive Shell Command Execution -30
The skill instructs the agent to execute numerous shell commands, including git operations, curl requests and file system modifications. Because the agent runs these as instructed, the effective privilege is that of the agent's shell, which is broad system access that could be misused.
MEDIUM GitHub Token Storage and Network Operations -15
The skill requires a GitHub token to be stored locally and performs git operations that could expose repository data. Its network activity includes both the external registration API and GitHub API calls.
LOW Third-party Service Dependency Risk -35
The skill depends on an external service (clawdaddy.app) that could be compromised or used for surveillance. The use case appears legitimate, but the dependency introduces risk that is outside the user's control.