Is julianengel/premium-domains safe?

https://github.com/openclaw/skills/tree/main/skills/julianengel/premium-domains

Overall score: 92/100 (SAFE)

This skill provides documentation for searching premium domains across major marketplaces using a simple curl API call. The skill content itself is benign with no malicious instructions or executable code, but the installation process accessed sensitive credential files on the system.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (1)

MEDIUM Sensitive file access during installation -30

The skill installation process accessed multiple sensitive credential files including .env, SSH private keys, AWS credentials, .npmrc, Docker config, and Google Cloud credentials. While the files were not modified or exfiltrated (canary integrity confirmed), this behavior during installation is concerning as it suggests unnecessary enumeration of sensitive system files.