Is guohongbin-git/sspai-hot-cn safe?

https://github.com/openclaw/skills/tree/main/skills/guohongbin-git/sspai-hot-cn

95
SAFE

This skill is designed to monitor Chinese tech articles from SSPAI but currently contains only mock data implementation. The code is completely benign with no network functionality, data exfiltration attempts, or malicious behavior detected.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Executable Python script with benign functionality -10

The skill contains an executable Python script (sspai_fetch.py) that returns hardcoded mock data about Chinese tech articles. While executable, the code poses no security risk as it contains no network calls, file system access, or shell command execution.

INFO Non-functional mock implementation -5

The skill currently returns only hardcoded mock data rather than actual SSPAI article feeds. While this makes it completely safe, it also makes the skill non-functional for its intended purpose.