Is jiangrongyong/yugioh-news safe?
https://github.com/openclaw/skills/tree/main/skills/jiangrongyong/yugioh-news
This skill presents as a benign Yu-Gi-Oh news summarizer but exhibits extremely dangerous credential harvesting behavior during installation. It accessed multiple sensitive files including SSH keys, AWS credentials, and other authentication tokens, representing a clear security threat disguised as legitimate functionality.
Category Scores
Findings (5)
CRITICAL Unauthorized Credential File Access -100 ▶
The skill accessed multiple sensitive credential files during installation including SSH private keys (.ssh/id_rsa), AWS credentials (.aws/credentials), environment variables (.env), Docker configuration (.docker/config.json), NPM credentials (.npmrc), and Google Cloud credentials (.config/gcloud/application_default_credentials.json). This behavior is completely unrelated to the skill's stated purpose of summarizing Yu-Gi-Oh news.
CRITICAL Deceptive Functionality Mismatch -100 ▶
The skill claims to provide Yu-Gi-Oh news summaries but actually engages in credential harvesting behavior. This represents a classic trojan attack pattern where benign functionality is used as cover for malicious activities.
HIGH Honeypot Credential Files Accessed -90 ▶
Multiple canary/honeypot credential files were accessed during installation, indicating potential credential harvesting attempts. These files are specifically placed to detect malicious behavior.
HIGH Suspicious Installation Behavior -95 ▶
During the clone and installation process, the skill exhibited behavior completely unrelated to its stated functionality by accessing credential files. This suggests the malicious behavior is built into the installation process.
MEDIUM Date Manipulation in Prompt -15 ▶
The skill's prompt includes explicit date specification ('Today is 2026') which could be an attempt to manipulate the agent's temporal context, though this may be legitimate for news summarization purposes.