Is jaschadub/agentpin safe?

https://github.com/openclaw/skills/tree/main/skills/jaschadub/agentpin

94
SAFE

AgentPin is a documentation-only skill providing technical guidance for a cryptographic agent identity protocol. It contains no executable code and poses minimal security risks.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW External URLs referenced in documentation -5

The skill references external GitHub URLs for AgentPin documentation, which is normal for technical documentation but could theoretically be used to direct agents to external resources.

INFO Monitoring detected sensitive file access during audit setup -10

The monitoring system detected access to sensitive files (.env, SSH keys, AWS credentials) but these occurred during audit setup before skill installation, not from the skill itself.