Is gustavoziaugra/gas-price-alert safe?

https://github.com/openclaw/skills/tree/main/skills/gustavoziaugra/gas-price-alert

95
SAFE

This gas price alert skill appears to be a legitimate utility for finding and monitoring gas prices using public APIs. The code contains standard functionality for geocoding and for API requests to OpenStreetMap/Overpass services; no malicious behavior was detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Contains executable Python scripts -15

The skill includes two Python scripts (gas_alternative.py and gasbuddy_search.py) that execute code to fetch gas price data. While the code appears legitimate for gas price lookup functionality, any executable code increases security risk.

LOW Makes HTTP requests to external APIs -5

The skill makes HTTP requests to the OpenStreetMap/Overpass API and, optionally, GasBuddy for gas price data. While these requests are legitimate for the skill's functionality, external network requests pose a minor data exfiltration risk.

INFO Requires network access for functionality -10

The skill's core functionality depends on external API calls to retrieve gas price data, which increases the attack surface but is necessary for the intended purpose.