Is icetroll/openclaw-paid-actions safe?

https://github.com/openclaw/skills/tree/main/skills/icetroll/openclaw-paid-actions

92
SAFE

This is a legitimate instruction-only skill for managing cryptocurrency-paid actions through the OpenClaw platform. It includes appropriate safety controls and documentation, with the main security consideration being the need for careful configuration of executable actions.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Configurable Command Execution -10

The skill enables execution of arbitrary commands through configured actions. This is the intended functionality and the skill includes safety warnings, but the set of allowed actions requires careful configuration.

LOW Complex Configuration Requirements -5

The payment workflow requires multiple environment variables and careful configuration of allowed actions, which increases the risk of misconfiguration.

INFO Safety Controls Present -5

The skill documentation includes multiple safety warnings and configuration requirements to prevent misuse.