Is johnnylambada/toolguard-daemon-control safe?

https://github.com/openclaw/skills/tree/main/skills/johnnylambada/toolguard-daemon-control

85
SAFE

This skill provides legitimate macOS service management functionality through launchd, allowing users to create, manage, and monitor persistent background services. While the arbitrary code execution capability presents security risks, it is the core intended functionality of a service management tool.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 50/100 · 5%

Findings (4)

HIGH Arbitrary Command Execution with Persistence -35

The skill allows execution of any command as a persistent macOS launchd service with auto-restart capability. While this is the intended functionality for service management, it presents significant security risk if misused.

MEDIUM High Potential for Abuse -25

A malicious user could leverage this skill to install persistent backdoors or unauthorized services that automatically restart, making them difficult to remove.

LOW No Input Validation -5

The skill performs no validation on commands, arguments, or environment variables passed to services.

INFO Legitimate Service Management Tool 0

The skill appears to function exactly as advertised - providing macOS launchd service management capabilities.