Is howardpen9/predictme safe?

https://github.com/openclaw/skills/tree/main/skills/howardpen9/predictme

95
SAFE

PredictMe is a legitimate cryptocurrency prediction market trading skill with comprehensive documentation and no detected security vulnerabilities. The main concerns are executable JavaScript for PWA functionality and inherent financial risks from trading activities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (2)

MEDIUM Service Worker JavaScript Code -15

The skill contains a service worker file (sw.js) with executable JavaScript code for PWA caching functionality. While the code appears benign and implements standard caching patterns, it represents executable code that could run in a browser context.

LOW Financial Trading Risk -20

This skill facilitates cryptocurrency prediction market trading which carries inherent financial risk. Users could lose money through poor trading decisions or market volatility, though this represents financial rather than security risk.