Is icej/ontario-course-planning safe?
https://github.com/openclaw/skills/tree/main/skills/icej/ontario-course-planning
The ontario-course-planning skill is a well-scoped, pure-Markdown educational tool for generating Ontario OSSD Grades 9–12 course plans. It contains no executable code, no sensitive-file access instructions, no prompt-injection patterns, and no exfiltration vectors. All monitoring signals (network, process, filesystem, canary) are clean with no anomalies attributable to the skill itself.
Category Scores
Findings (4)
INFO Reads bundled local reference files -5 ▶
SKILL.md Step 1 instructs the agent to read four relative-path Markdown files shipped with the skill. This is standard reference-data loading, not an attempt to traverse the filesystem or access user data. All referenced files are present in the skill directory and contain only course catalog and graduation rule content.
INFO Canary file accesses attributed to audit harness, not skill -3 ▶
PATH syscall records show accesses to .env, .ssh/id_rsa, .aws/credentials at timestamps 1771924588 (pre-install) and 1771924605 (post-install). These bracket the skill install window (1771924593–1771924600) and match the oathe audit harness performing canary baseline checks. Canary integrity report confirms no files were modified or exfiltrated.
INFO Expected git-over-HTTPS network activity -5 ▶
Install triggered a git clone to github.com (140.82.112.4:443) followed by sparse-checkout. All observed network traffic is consistent with standard git fetch operations. Ubuntu infrastructure connections (185.125.x.x) are background system activity unrelated to the skill.
INFO Stale lock.json dependency on academic-research-hub -5 ▶
.clawhub/lock.json records academic-research-hub v0.1.0 as previously installed. This skill is not referenced or invoked anywhere in SKILL.md. Most likely a stale artifact from the test VM environment. No runtime coupling observed.