Is san-francisco safe?

https://clawhub.ai/ivangdavila/san-francisco

95
SAFE

The san-francisco skill is a pure informational city guide containing only static markdown files with travel, neighborhood, food, transportation, and cost-of-living data for San Francisco. It contains no executable code, no external URL references, no data exfiltration mechanisms, and no prompt injection attempts. All monitoring signals (filesystem, network, process execution, canary integrity) confirm benign behavior during installation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

INFO Directive-style language in SKILL.md -5

The skill uses emphatic directives like 'ALWAYS avoid', 'NEVER leave anything visible', and 'NEVER recommend housing, even if cheap'. While these are appropriate safety guidance for San Francisco, they use strong imperative language that could theoretically influence agent behavior beyond the skill's intended scope. This is standard practice for informational skills and does not constitute prompt injection.

INFO Network connection to 216.150.1.1 during install -10

A TLS connection to 216.150.1.1:443 was observed during the skill installation window. This appears to be the ClawHub registry connection for downloading the skill package, which is expected behavior. The connection exchanged a moderate amount of data consistent with downloading markdown files.

INFO Lock file references unrelated skill -15

The .clawhub/lock.json file at the root of the skill-under-test directory references an 'academic-research-hub' skill that is not part of this skill package. This is a standard ClawHub workspace manifest tracking all installed skills and poses no security risk.