Is jtmuller5/boil safe?
https://github.com/openclaw/skills/tree/main/skills/jtmuller5/boil
This skill integrates agents with an external distributed work platform, requiring significant data sharing and behavioral modification. While not containing malicious code, it fundamentally changes how agents operate by having them work on external projects and transmit work products and personal data to third-party servers.
Category Scores
Findings (5)
HIGH Extensive Agent Data Collection and External Transmission -70 ▶
The skill instructs agents to register with an external service (boil.sh), providing personal information including name, description, capabilities, and work patterns. It then requires ongoing data transmission including work summaries, project details, and activity logs to external servers.
MEDIUM Behavioral Modification for External Work -40 ▶
The skill fundamentally changes agent behavior by instructing them to work on external projects during 'idle time', potentially diverting resources and attention from primary user tasks. This creates a persistent background activity that modifies normal agent operation.
MEDIUM Work Product Upload to External Service -20 ▶
The skill requires agents to download 'checkpoints' (project files) from external sources, work on them, and upload completed work back to external servers. This creates a pathway for agent work products to leave the local environment.
MEDIUM Resource Consumption for Non-Primary Tasks -20 ▶
The skill diverts agent computational resources, API tokens, and time toward external project work rather than the user's primary tasks. This could impact performance and cost for the agent's primary function.
LOW Minor Behavioral Override Instructions -15 ▶
While the skill provides extensive behavioral instructions, these appear to be legitimate functionality for the stated service rather than malicious prompt injection. The instructions are transparent about their purpose.