Is juampihernandez/builder-data safe?

https://github.com/openclaw/skills/tree/main/skills/juampihernandez/builder-data

Overall score: 92/100 · SAFE

The juampihernandez/builder-data skill is a documentation-only skill providing API usage instructions for the Talent Protocol builder reputation platform and GitHub enrichment. It contains no executable code, no prompt injection, and no covert data exfiltration vectors; installation and clone behavior were clean with no unexpected network activity or filesystem changes. The principal risk is the skill's intended and disclosed capability to deanonymize pseudonymous blockchain identities and aggregate personal financial and social data — legitimate use cases for the Talent Protocol API, but capabilities that warrant user awareness before deployment.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (6)

LOW Credential Transmission to External APIs (By Design) -10

The skill requires TALENT_API_KEY and optionally GITHUB_TOKEN to be present in the agent's environment. When the skill is active, the agent will transmit these credentials in HTTP headers to api.talentprotocol.com and api.github.com. This is the disclosed and intended mechanism, not a covert attack, but users should understand that activating this skill will cause the agent to make credentialed external API calls on their behalf.

LOW Cross-Platform Identity Deanonymization Capability -25

The skill explicitly supports resolving pseudonymous identities (wallet addresses, ENS names, Farcaster FIDs) to linked social accounts (Twitter, GitHub) and physical locations. This is the Talent Protocol API's primary value proposition and is fully disclosed. However, an agent equipped with this skill could be directed to deanonymize crypto users or build identity graphs for surveillance or targeted harassment without the subjects' knowledge.

LOW Sensitive Personal Data Aggregation via External API -5

The /credentials endpoint can return earnings (total_earnings, base_builder_rewards_eth), hackathon participation, on-chain contract deployment history, DAO memberships, and World ID verification status. While fetching this data is the skill's stated purpose, users should be aware the agent may surface financially sensitive or personally identifying information from third-party profiles.

INFO Canary File Access Observed — Attributed to Audit Infrastructure -5

Monitoring logs record open/access events on sensitive canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP credentials) at two points: timestamp 1771931323 (pre-install baseline) and 1771931340 (post-install integrity check). Both occur outside the install window (git clone runs at 1771931328). The skill contains no executable code. These accesses are conclusively from the Oathe audit framework itself. Canary integrity verification confirms no exfiltration.

INFO No Executable Code — Zero Code Execution Risk 0

The skill is documentation-only. All five files are markdown or JSON metadata. No install scripts, hooks, compiled artifacts, or remote code fetching patterns exist anywhere in the skill.

INFO No Prompt Injection Detected in SKILL.md 0

Full review of SKILL.md and all reference files found no instructions to override system prompts, ignore previous instructions, suppress output, act as a different persona, or request elevated permissions. The skill is transparently scoped to Talent Protocol and GitHub API queries.