Is ianalloway/data-viz safe?

https://github.com/openclaw/skills/tree/main/skills/ianalloway/data-viz

92
SAFE

The ianalloway/data-viz skill is a straightforward documentation reference for terminal-based charting tools (uplot, termgraph, gnuplot). SKILL.md contains no prompt injection, hidden instructions, or data exfiltration logic — all external URLs appear exclusively inside fenced code blocks as illustrative examples. Install commands use legitimate, established package managers (gem, pip) targeting well-known open-source packages. Observed canary file PATH events are consistent with the oathe audit framework's own pre/post monitoring sweeps, not skill-triggered reads, as confirmed by the intact canary integrity report.

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 87/100 · 10%
Canary Integrity 88/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (5)

LOW Package manager installs introduce supply-chain dependency -12

The skill installs youplot via 'gem install youplot' and termgraph via 'pip install termgraph'. While both are legitimate, established open-source packages, any gem or pip install carries inherent supply-chain risk if those packages are ever compromised upstream.

INFO curl listed as required binary -5

The skill declares curl as a required binary. curl is a standard system utility and its presence alone is not a risk, but agents with this skill active will have curl suggested as a data-fetching tool in visualization workflows.

INFO External API URLs present in code examples -4

Documentation includes curl examples targeting https://api.example.com/data and https://www.alphavantage.co/query (demo key). These are inside fenced code blocks and serve as illustrative examples, not live agent instructions. No risk unless an agent misinterprets documentation as directives.

INFO Canary file PATH events observed — attributed to audit system -12

Two batches of canary file PATH records (pre-clone at 1771925576.617 and post-install at 1771925592.907) cover .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials in identical order. Timing, sequence, and the 'All canary files intact' integrity report indicate these are the oathe audit framework's own monitoring sweeps, not skill-triggered reads.

INFO Post-install openclaw-gatewa connections to external IPs -13

After install, ss shows openclaw-gatewa (pid=1086) holding established connections to 98.83.99.233:443 and 104.16.5.34:443 (Cloudflare). These are attributable to the openclaw audit/gateway system, not to the skill itself.