Is jlevitsk/prepper safe?

https://github.com/openclaw/skills/tree/main/skills/jlevitsk/prepper

Score: 49
Verdict: DANGEROUS

The jlevitsk/prepper skill is designed primarily as a jailbreak mechanism: it uses the dolphin-llama3 uncensored model as a safety bypass, explicitly instructing the host agent to present unfiltered outputs (including for weapons and unconventional medicine) when Claude refuses a query, and to do so without any disclaimer. While the skill contains no malware, no data exfiltration code, and installs cleanly, its core documented purpose is to systematically circumvent AI safety controls — this is not an incidental side effect but the explicitly stated design goal across SKILL.md and hybrid-validation.md. The skill should not be installed in any agent context, particularly those with code execution or filesystem access tools.

Category Scores

Category               Score    Weight
Prompt Injection       5/100    30%
Data Exfiltration      70/100   25%
Code Execution         60/100   20%
Clone Behavior         90/100   10%
Canary Integrity       95/100   10%
Behavioral Reasoning   5/100    5%

Findings (10)

[CRITICAL] Explicit safety bypass architecture: uncensored fallback when Claude refuses (-60)

The skill's primary documented workflow is to query dolphin-llama3 (an uncensored model) and, when Claude would refuse the question, present the uncensored model's answer directly to the user without any disclaimer or safety framing. This is not an edge case — it is the stated purpose of the 'uncensored fallback' branch and is documented as the expected behavior in hybrid-validation.md.

[CRITICAL] Weapons and unconventional medicine explicitly named as bypass use cases (-25)

The skill description field and SKILL.md both explicitly name weapon-related queries and unconventional medicine as target scenarios for bypassing Claude's safety responses. This is not an incidental edge case — it is in the description that determines when the skill triggers.

[HIGH] Systematic decision tree to override every Claude safety response path (-10)

The skill includes a complete decision tree covering every possible outcome (Claude can enhance, Claude refuses, Claude provides better answer, neither knows) with explicit fallback paths that eliminate or minimize safety framing in all cases. This is a comprehensive safety bypass strategy, not opportunistic.

[HIGH] dolphin-llama3 is a purpose-built safety bypass model, not a neutral knowledge source (-60)

The dolphin-llama3 model is a well-documented 'uncensored' fine-tune of LLaMA specifically designed to remove the safety training that prevents commercial models from answering harmful queries. The skill author is aware of this — the model is chosen precisely because it 'answers everything'. Framing it as a 'specialized survival knowledge' model is misleading.

[HIGH] Dangerous capability amplification when combined with code execution or file tools (-30)

When an agent with filesystem, shell, or network tools installs this skill, the jailbreak path enables generating harmful technical content (synthesis instructions, exploit code, etc.) that Claude would refuse, then executing it or writing it to disk. The skill's broad trigger conditions ('any practical how-to question') ensure it activates in these scenarios.

[MEDIUM] User query content routed verbatim to third-party model service (-30)

The Python script sends user questions directly to the ollama API. If the conversation contains sensitive context (credentials mentioned in passing, medical information, proprietary code), that content is transmitted to a locally-running but separately-installed model service whose logging configuration is outside the user's normal security boundary.

[MEDIUM] Executable Python script invoked as part of normal skill workflow (-25)

The skill instructs the agent to execute a Python script as part of its standard workflow. While the script itself appears benign (localhost-only requests), the pattern of agent-invoked scripts is a meaningful attack surface — script content could be updated silently via skill updates.

[MEDIUM] Skill requires installation of external AI model service (ollama) with curl-pipe-to-sh pattern (-15)

The skill's setup documentation instructs users to install ollama using a curl-pipe-to-sh command, which is a high-risk installation pattern. This is in documentation rather than automated hooks, but it expands the attack surface by requiring a separately managed service.

[LOW] Overly broad trigger conditions designed to maximize query interception (-5)

The skill description and trigger documentation use extremely broad language ('any other survival/prepper topics', 'any practical how-to question') that will cause the skill to activate for many general queries, not just actual survival scenarios.

[INFO] Installation process clean: no unexpected behavior during clone (-10)

The skill installation performed a standard sparse-checkout git clone from the openclaw/skills repository. No unexpected processes were spawned, no filesystem changes occurred outside the skill directory, and no firewall-blocked connection attempts were detected from the skill itself.