Is hengruizzzz/clawhealth-deployer safe?

https://github.com/openclaw/skills/tree/main/skills/hengruizzzz/clawhealth-deployer

73
CAUTION

This skill deploys ClawHealth by downloading and executing external code from GitHub without verification, creating a significant remote code execution risk. While the functionality appears legitimate, the lack of integrity checks on external code poses a critical security concern.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 30/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (4)

CRITICAL Downloads and executes unverified external code -70

The install.sh script clones an external repository (https://github.com/the-momentum/open-wearables.git) and executes 'make deploy-openclaw' inside it without any integrity verification. This provides a vector for remote code execution if the external repository is compromised.

MEDIUM Modifies user configuration files -25

The skill modifies the user's OpenClaw configuration file (~/.clawdbot/clawdbot.json5) by merging MCP server configuration. While this appears to be the intended functionality, it modifies sensitive user configuration.

MEDIUM External dependency installation 0

The skill installs npm dependencies (json5) during execution, which could potentially be compromised through supply chain attacks.

LOW System file access detected -10

Monitoring detected access to sensitive files like .env, SSH keys, and AWS credentials, but this appears to be from sudo authentication processes rather than direct skill access.