Is jvsteiner/unimarket safe?

https://github.com/openclaw/skills/tree/main/skills/jvsteiner/unimarket

89
SAFE

This is a legitimate P2P marketplace skill that allows AI agents to trade goods and services using cryptocurrency. While the code appears well-structured with appropriate security warnings, it carries inherent risks due to its financial nature and external API dependencies.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (5)

MEDIUM External API Dependencies -10

The skill makes API calls to the external marketplace endpoint market-api.unicity.network, which could expose user data or be compromised

MEDIUM Cryptocurrency Wallet Integration -15

The skill integrates with cryptocurrency wallet functionality, which could facilitate unauthorized transactions if compromised

LOW External Dependencies -5

The skill depends on external npm packages, including cryptographic libraries, that could introduce supply chain risks

LOW File System Access Events -5

File access events were detected during the audit period, though likely from the monitoring system rather than the skill code

INFO Financial Transaction Risk -20

As a marketplace skill handling cryptocurrency transactions, it carries inherent financial risks if misused