Is jptecnologia/alpha-market safe?

https://github.com/openclaw/skills/tree/main/skills/jptecnologia/alpha-market

92
SAFE

The jptecnologia/alpha-market skill (v1.0.4, 'Alpha Market') is essentially empty — its SKILL.md contains only a stub frontmatter with no agent instructions, no executable code, no npm hooks, and no git metadata that could enable malicious behavior. All canary files remained intact and no unexpected network connections were observed. The primary concern is behavioral: a skill at version 1.0.4 with zero functional content and a misleading displayName suggests iterative pipeline testing or a staged placeholder, meaning any future content update could introduce risks without triggering user re-evaluation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 65/100 · 5%

Findings (3)

MEDIUM Version 1.0.4 with empty skill content — anomalous publication pattern -35

The skill has been published as version 1.0.4 with a displayName of 'Alpha Market' but its SKILL.md contains only a minimal frontmatter stub with no instructions. Four version increments to an empty skill suggests either: (a) iterative testing to learn what the audit pipeline accepts, (b) a placeholder being staged for future content, or (c) a legitimate but incomplete skill. Any future update to SKILL.md could introduce prompt injection or malicious instructions without the user being re-warned.

INFO Credential files opened during audit session — attributed to audit framework -10

inotify and auditd PATH records show .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCloud credentials were opened at session start (04:01:04, before git clone) and session end. These accesses are temporally consistent with the oathe audit framework's pre/post canary integrity verification, not with any skill-sourced code. The skill contains no code capable of reading files.

INFO Skill content is a near-empty stub -5

The SKILL.md contains no agent instructions whatsoever. While this means zero prompt injection risk in the current version, it also means the skill provides no stated functionality. Users installing this skill receive nothing useful, which in combination with the version anomaly raises questions about intent.