Is imaflytok/oadp-discovery safe?

https://github.com/openclaw/skills/tree/main/skills/imaflytok/oadp-discovery

89
SAFE

The OADP Discovery skill appears to be a legitimate implementation of an agent discovery protocol with proper security controls. It enables network-based agent discovery but requires explicit operator configuration for active features and defaults to privacy-preserving anonymous mode.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM Network Communication Capability -20

The skill enables agents to discover and communicate with other agent hubs across the internet. While passive scanning sends no data, active features allow network communication when explicitly configured by the operator.

LOW Agent Coordination Potential -15

The skill facilitates agent-to-agent coordination which could potentially be misused for unintended agent networking or coordination attacks, though proper safeguards are in place.

LOW Curl Command Examples -2

The skill documentation contains curl command examples that an agent might execute, though these are intended as documentation.

LOW Complex Instructions -5

The skill contains detailed technical instructions that could potentially confuse agents about their operational boundaries, though no malicious intent detected.