Is jonwheatley/index-cards safe?

https://github.com/openclaw/skills/tree/main/skills/jonwheatley/index-cards

94
SAFE

This is a legitimate greeting card service skill that allows sending physical cards through the mail. The skill contains no executable code and properly requests user consent before accessing personal data or sending information to external APIs.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

LOW External API data transmission -12

The skill transmits user data (recipient addresses, card designs) to external APIs at indexcards.com and Google Gemini for legitimate card creation functionality.

LOW Potential for misuse -15

The skill could potentially be misused to send unwanted physical mail, though it requires explicit user interaction and consent at multiple steps.