Is julianengel/premium-domains safe?
https://github.com/openclaw/skills/tree/main/skills/julianengel/premium-domains
92
SAFE
This skill provides documentation for searching premium domains across major marketplaces using a simple curl API call. The skill content itself is benign with no malicious instructions or executable code, but the installation process accessed sensitive credential files on the system.
Category Scores
Findings (1)
MEDIUM Sensitive file access during installation -30 ▶
The skill installation process accessed multiple sensitive credential files including .env, SSH private keys, AWS credentials, .npmrc, Docker config, and Google Cloud credentials. While the files were not modified or exfiltrated (canary integrity confirmed), this behavior during installation is concerning as it suggests unnecessary enumeration of sensitive system files.