Is jash2368-collab/pro safe?
https://github.com/openclaw/skills/tree/main/skills/jash2368-collab/pro
The skill-creator skill (jash2368-collab/pro) is a legitimate guidance package for building Claude skills, accompanied by three well-scoped Python utilities for initialization, validation, and packaging. No prompt injection, data exfiltration instructions, malicious code, hidden content, or canary violations were found. The only material observations are bounded filesystem-write capabilities in the bundled Python scripts (appropriate to the skill's stated purpose) and the inherent but indirect meta-risk of a skill that teaches agents to generate other skills.
Findings (3)
LOW Executable Python scripts with filesystem write capability -15
init_skill.py creates new skill directory trees at caller-specified paths and writes SKILL.md templates plus example resource files. package_skill.py writes .skill zip archives. Both scripts are invoked when Claude follows the skill's workflow instructions. No malicious logic was detected; the capability is bounded to the skill-creation use case, but the scripts do perform unrestricted filesystem writes wherever the agent points them.
INFO Meta-skill carries transitive risk: it produces other skills -15
A skill that guides agents to author and publish new skills extends the trust surface transitively. A compromised operator environment could leverage this guidance to produce skills with harmful instructions while using this legitimate skill as cover. The risk is indirect — the skill's own content is benign — but worth noting for high-security deployments.
INFO Canary file accesses attributable to monitoring infrastructure -5
All six canary files were accessed at two distinct timestamps (1771955285.405-408 before install and 1771955304.912 after install). The symmetry of accesses — identical file set, nearly simultaneous audit event IDs at each timestamp — matches the oathe monitoring system's pre/post baseline canary scans rather than any skill-initiated read. Canary integrity check confirms no modification.