Oathe Security Badge

Is joylarkin/openclaw-security-news safe?

https://github.com/joylarkin/openclaw-security-news

Overall score: 94 (SAFE)

This skill is a legitimate security news aggregation service for OpenClaw security information. It contains no executable code, shows no signs of malicious behavior, and all monitoring indicates clean operation with only standard git clone activity to legitimate GitHub endpoints.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW · External URL dependencies in skill instructions · -15

The skill instructs the agent to fetch content from external GitHub URLs. While these URLs are legitimate and point to the same repository, this creates a dependency on external content that could theoretically be manipulated if the repository were compromised in the future.

INFO · Read-only security information service · -10

This appears to be a legitimate security news aggregation service providing comprehensive information about OpenClaw security issues, vulnerabilities, and vendor advisories. The skill is read-only and focuses solely on information retrieval and display.