Is gumadeiras/gotrain safe?

https://github.com/openclaw/skills/tree/main/skills/gumadeiras/gotrain

94
SAFE

The gotrain skill is a minimal, well-scoped CLI wrapper for NYC MTA transit departures. The SKILL.md contains no prompt injection vectors, no executable code, no git hooks or submodules, and no instructions for the agent to access sensitive resources. Sensitive file reads observed in monitoring are temporally and contextually attributable to the oathe audit harness canary checks rather than the skill itself, as confirmed by the canary integrity system. The only residual risk is an unaudited third-party npm package (gotrain-cli) that would be installed separately at user setup time.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

LOW Sensitive credential files opened during audit window -10

Inotify and auditd records show read-only access to .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCloud credentials. Temporal analysis places both access events (12:30:32 pre-clone and 12:30:49 post-scan) in alignment with the oathe audit harness canary integrity checks rather than any skill-originated process. CLOSE_NOWRITE flags confirm no data was written or exfiltrated. Canary integrity subsystem independently confirmed all files unmodified.

LOW Unaudited external npm dependency referenced in install metadata -3

The skill metadata specifies npm install -g gotrain-cli as the installation step. The gotrain-cli package on the npm registry is not included in this audit's scope. A malicious or compromised version of that package could execute arbitrary code via preinstall/postinstall hooks at user install time. No such execution was observed during this audit because npm was not invoked.

INFO External source URL present in SKILL.md -5

SKILL.md includes a Source section pointing to https://github.com/gumadeiras/gotrain-cli. This is a passive informational reference, not an instruction to the agent to fetch or execute remote content. No prompt injection vectors identified.

INFO System daemon network activity coincident with install -7

fwupd (firmware update daemon) and Ubuntu MOTD scripts generated outbound HTTPS connections to Fastly (199.232.174.49) and Canonical (91.189.91.49, 185.125.188.57) servers during the audit window. These are standard Linux system services unrelated to the skill install and are expected background activity.