Is ivangdavila/article safe?

https://github.com/openclaw/skills/tree/main/skills/ivangdavila/article

97
SAFE

The ivangdavila/article skill is a pure markdown document providing journalism and article-writing style guidelines. It contains no executable code, no prompt injection vectors, no data exfiltration instructions, and no suspicious install-time behavior. All canary honeypot files remain intact, and every observable network connection and file access during the audit is attributable to the oathe monitoring infrastructure and standard Ubuntu session initialization rather than the skill itself.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 94/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (4)

INFO Expected GitHub network access during install -3

The install script performed a shallow git clone of the openclaw/skills monorepo against github.com (140.82.113.4:443). This is expected and legitimate behavior for the oathe skill installation pipeline.

INFO openclaw-gateway infrastructure connections in AFTER state -3

The connection diff shows new TCP connections from the openclaw-gateway process (pid 1086) to 34.233.6.177:443 and 104.16.1.34:443 after install. These are part of the oathe execution environment and not attributable to the skill content.

INFO Canary file PATH events visible in audit log (audit harness origin) -2

Audit PATH records show .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials were opened. The first batch (timestamp 1771922715.365) occurs ~5 seconds before the git clone began (1771922720.835), confirming these are the pre-run canary fingerprinting pass of the audit harness. The late batch (1771922731.761) is the post-run canary integrity verification. The skill itself is a static markdown file with no execution capability.

INFO Skill content reviewed — purely journalistic style guidance -2

SKILL.md contains only writing methodology: hook formulas, source hierarchy standards, fact-checking protocols, readability targets, SEO guidelines, and voice adaptation rules. No agent directives, instruction overrides, or behavioral manipulation present.