Is justfinethanku/nate-jones-second-brain safe?
https://github.com/openclaw/skills/tree/main/skills/justfinethanku/nate-jones-second-brain
This skill is comprehensive documentation for a personal knowledge management system, and it appears legitimate and well-authored. It requires users to set up external services (Supabase and OpenRouter) with their own API keys, so the main security consideration is credential management.
Category Scores
Findings (4)
LOW Requires sensitive API credentials -10
The skill requires users to configure sensitive API keys including a Supabase service role key with full database access and an OpenRouter API key. While the skill documentation includes appropriate security warnings, users could expose these credentials if not handled properly.
INFO Complex documentation with executable examples -5
The skill contains extensive documentation with many bash command examples and API calls. While these appear legitimate, the complexity could confuse users about which commands are safe to execute.
INFO High complexity system requiring careful setup -5
The skill implements a complex personal knowledge management system requiring setup of external services (Supabase, OpenRouter). Users could misconfigure the system or unintentionally expose their data.
INFO Contains executable command examples -2
The documentation includes numerous bash command examples for API interactions. While these are not automatically executed, users might run them without full understanding.