Is jiazhougit/openclaw-skillguard safe?

https://github.com/openclaw/skills/tree/main/skills/jiazhougit/openclaw-skillguard

95
SAFE

SkillGuard is a legitimate security scanning tool written in Python that analyzes AI skills for potential security risks. The code appears well-structured and focused on static analysis, and it shows no malicious behavior. Although it contains executable code and operates in a security-sensitive context, it serves a beneficial security purpose.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

MEDIUM Executable Python Security Scanner -10

The skill contains a Python script that performs file system scanning and analysis. While the code appears legitimate for security scanning purposes, executable code inherently carries some risk.

LOW Installation Environment File Access -5

During installation, the system environment accessed sensitive files such as .env, SSH keys, and AWS credentials. While this access appears to come from system processes rather than the skill itself, it indicates that the installation occurred in a sensitive environment.

LOW Security Scanner Information Gathering -5

As a security scanning tool, this skill will analyze and report on other skills and system components, potentially gathering and exposing information about the system configuration.