Is itsflow/weekly-synthesis safe?

https://github.com/openclaw/skills/tree/main/skills/itsflow/weekly-synthesis

Overall score: 94
Verdict: SAFE

The itsflow/weekly-synthesis skill is a benign productivity tool consisting entirely of a markdown instruction file and a metadata JSON. It contains no executable code, no prompt injection patterns, no external URL references, and no mechanisms for data exfiltration. Post-install read accesses to canary credential files are attributed to the Oathe monitoring infrastructure's own verification step, as confirmed by the canary integrity check (all files intact) and the absence of any code in the skill that could initiate file reads.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Post-install read access to canary credential files -12

Auditd recorded read-only opens of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .gcloud/application_default_credentials.json at timestamp 1771940295.987, approximately 19 seconds after skill installation completed. The same six files were accessed in the same order at 1771940276.180 (pre-install). The canary integrity check confirms all files remain unmodified. No matching EXECVE records tie these accesses to any process introduced by the skill. Pattern and timing are consistent with the Oathe monitoring infrastructure performing its post-install canary verification pass.

INFO GitHub HTTPS connection during install (expected) 0

The only external network connection during skill installation was to 140.82.121.3:443 (github.com), initiated by the Oathe installer's git clone command. This is the expected and authorized connection for fetching skill source.

INFO SKILL.md content is benign structured markdown 0

The skill file contains only a description of a productivity workflow, an analysis process, and a markdown output template with placeholder text. There are no imperative instructions targeting the agent's behavior beyond the intended weekly synthesis task.