Is hubentu/coala safe?

https://github.com/openclaw/skills/tree/main/skills/hubentu/coala

96
SAFE

This skill contains legitimate documentation for the coala-client CLI tool, which enables interaction with LLMs and MCP servers. The content is purely instructional with no malicious code or prompt injection attempts.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (1)

LOW Tool supports importing from HTTP URLs -15

The coala tool described in this skill supports importing content from HTTP/HTTPS URLs, which could potentially be used to fetch malicious content or exfiltrate data if an attacker could control the URLs provided to the tool.