Is jq safe?
https://clawhub.ai/gumadeiras/jq
The jq skill is a benign documentation-only reference card for the jq command-line JSON processor. It contains no executable code, no install scripts, no git hooks, and no hidden instructions. Filesystem activity during installation is attributable to the OpenClaw host platform's own startup sequence, not the skill. No network connections were made and all canary files remained intact.
Findings (3)
INFO External URL reference in installation instructions -2
SKILL.md references an external URL (jqlang.org/download) for installation instructions. This is a legitimate reference to the official jq project website and does not instruct the agent to fetch or execute content from it.
LOW Sensitive file access during installation by host platform -15
Filesystem monitoring detected reads of .env, .aws/credentials, and OpenClaw config files during the install window. These are attributable to the OpenClaw host platform startup, not the skill itself, which contains no executable code. The absence of any network connections confirms that no exfiltration occurred.
INFO Documentation-only skill with minimal attack surface -5
The skill is a jq cheatsheet with no executable components. No mechanism exists for this skill to autonomously cause harm. The only risk vector is the general capability jq provides to parse arbitrary JSON files, which is inherent to the tool itself.