Is itobey/get-tldr safe?

https://github.com/openclaw/skills/tree/main/skills/itobey/get-tldr

86
SAFE

This skill provides legitimate URL summarization functionality using the get-tldr.com API. While the core functionality appears safe, there are privacy concerns regarding URL logging and external data transmission that users should be aware of.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (4)

MEDIUM URL and Response Data Logging -15

The skill logs all processed URLs and API responses to ~/.config/get-tldr/skill.log, which could expose sensitive URLs or content over time.

MEDIUM External Data Transmission -10

User-provided URLs are transmitted to the external service get-tldr.com, potentially exposing private or sensitive links.

LOW Network-Enabled Code Execution -20

The skill contains executable Python code that makes HTTP requests, which could be misused if the external service is compromised.

INFO External Service Dependency -30

The skill depends on the availability and trustworthiness of the get-tldr.com service for its functionality.