Is joehoel/trein safe?

https://github.com/openclaw/skills/tree/main/skills/joehoel/trein

95
SAFE

This is a documentation-only skill for a Dutch Railways (NS) train information CLI tool. The skill contains no executable code, exhibits no malicious behavior, and maintains the integrity of all security canaries during installation.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (1)

INFO External Binary Dependencies -25

The skill documentation instructs users to download and install external binaries from GitHub releases or via npm. While the skill itself contains no executable code, users will be guided to install third-party software that requires an NS API key.