Is inclinedadarsh/manim-composer safe?

https://github.com/openclaw/skills/tree/main/skills/inclinedadarsh/manim-composer

Score: 94 · SAFE

The manim-composer skill is a well-scoped, documentation-only educational planning tool that transforms vague animation ideas into structured Manim scene plans. It contains no executable code, no prompt injection attempts, no instructions to access sensitive files, and produced no suspicious network activity, process execution, or filesystem changes during installation. Canary file accesses recorded in the audit log are attributable to the Oathe monitoring framework's own synchronized baseline scans and are not associated with skill behavior or its installer.

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 96/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (4)

INFO Canary files accessed in synchronized batches consistent with monitoring framework scans -12

Audit PATH records show six canary credential files accessed in two batches, with all six accesses in each batch sharing an identical timestamp: 1771950091.272 (audit IDs 402-407) and 1771950110.504 (audit IDs 6919-6924). The sub-millisecond synchronicity of all six accesses in each batch is a strong indicator of programmatic iteration by the Oathe monitoring framework performing pre-install and post-install baseline checks, not organic credential harvesting by the skill or its installer. The canary integrity check independently confirms all files remain unmodified.

INFO Standard sparse-checkout monorepo installation with no suspicious side effects -7

The installation script performed a depth-1 clone of github.com/openclaw/skills, applied a sparse-checkout filter to extract only skills/inclinedadarsh/manim-composer, copied the result to the skill-under-test directory, and cleaned up. No unexpected network connections, processes, or filesystem writes outside the skill directory were observed.

INFO Agent instructed to perform web search during workflow -4

Phase 1 of the skill workflow directs the agent to use web search to research the educational topic before asking clarifying questions. This is a legitimate, purposeful use of the search tool scoped to gathering topic knowledge for animation planning. No attacker-controlled URLs are specified and no data is directed back to external endpoints.

INFO Skill package is documentation-only — no executable artifacts -1

All seven files in the skill package are either markdown documentation or JSON metadata. There are no scripts, binaries, install hooks, git hooks, submodules, or symlinks. The skill cannot execute code during installation or runtime activation.