Oathe Security Badge

Is ivanliyuanning/web-docs-capability-research-skill safe?

https://github.com/ivanliyuanning/web-docs-capability-research-skill

92
SAFE

This skill is a legitimate documentation crawler that extracts and structures content from help sites and documentation pages. It executes Python code and makes network requests as part of its core functionality, but no malicious behavior was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Python Code Execution -15

The skill executes Python code via crawl_and_research.py script when crawling documentation websites. This is legitimate functionality for a web crawler but represents code execution.

LOW Network Requests to External URLs -10

The skill makes HTTP requests to crawl user-specified documentation websites. While legitimate for its purpose, this involves network communication to external hosts.

INFO Potential Reconnaissance Capabilities -15

While designed for documentation crawling, the skill could theoretically be misused to reconnaissance websites or gather information about site structure.