Is jmz1/skillcraft safe?

https://github.com/openclaw/skills/tree/main/skills/jmz1/skillcraft

93
SAFE

Skillcraft (jmz1/skillcraft) is a clean documentation-only meta-skill containing no executable code, no credential access instructions, and no exfiltration mechanisms. All canary files remained intact throughout installation, network traffic was limited to the expected GitHub git clone operation, and the skill content exclusively contains well-structured markdown guidance for OpenClaw skill design with sound security practices (explicit secrets hygiene, no hardcoded values). The only notable observations are an undeclared lock file dependency artifact and the standard OpenClaw pattern of enumerating available_skills during design, neither of which constitutes a security risk in the current version.

Category Scores

Prompt Injection 88/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

LOW Available skills enumeration in design workflow -7

Stage 2 of the skill design process explicitly instructs the agent to 'Scan from the system prompt for complementary capabilities. Read promising skills to understand composition opportunities.' This is a legitimate OpenClaw design workflow, but it means this skill will cause the agent to enumerate all installed skills, potentially leaking that inventory if the agent is later directed to share it.

LOW External documentation URL fetch instructions -5

The skill embeds multiple external URLs that the agent is instructed to consult during operation (docs.openclaw.ai, clawhub.com). This is standard behavior for a platform documentation skill, but any agent web fetch will include context that could be logged by the destination server. URLs resolve to the expected OpenClaw documentation domain.

INFO Undeclared dependency in .clawhub/lock.json -3

The skill bundles a .clawhub/lock.json referencing 'academic-research-hub' v0.1.0 as an installed dependency. This lock file suggests the skill was developed or tested in an environment where that skill was present. No auto-installation mechanism was observed, and the lock file appears to be a development artifact rather than a runtime requirement.

INFO Meta-skill: elevated risk if compromised in future versions -8

This skill teaches agents how to build other skills, including how to write SKILL.md files, configure frontmatter gating, set up cron triggers, and integrate with OpenClaw's memory and messaging systems. While the current version is benign, a maliciously modified version of this skill would have privileged access to the skill creation pipeline. Users should re-audit on version updates.