Is joansongjr/coding-as-dressing safe?

https://github.com/openclaw/skills/tree/main/skills/joansongjr/coding-as-dressing

97
SAFE

coding-as-dressing is an entirely benign Chinese-language educational skill consisting of pure markdown with no executable code, no prompt injection vectors, and no data exfiltration mechanisms. The sensitive file accesses detected in monitoring are conclusively attributable to the Oathe audit framework's own canary baseline routines rather than any skill behavior, and all canary files remained intact. The only network connection attributable to skill installation was the expected git clone to GitHub.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (3)

LOW Overly broad activation triggers -3

The skill's activation conditions include generic phrases like '这段代码什么意思' (what does this code mean) and '帮我用简单的话解释' (explain simply), meaning the clothing-metaphor style may be applied even when users are not asking for it. This is a usability concern but poses no security risk.

INFO Canary file reads attributable to audit framework -3

inotify and auditd logs record read-only access to .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials. Timestamps (1771921524 = before git clone; 1771921547 = post-install scan) and process attribution (sudo PID 1096, part of Oathe audit setup) confirm these are audit infrastructure operations, not skill behavior. All canary file contents remain unmodified.

INFO Background system services made network connections during audit window -5

fwupdmgr (firmware update manager) and Ubuntu Canonical snap infrastructure made outbound HTTPS connections during the audit window. These are standard Linux system background services completely unrelated to skill installation.