Is jzineldin/openclaw-mission-control safe?

https://github.com/openclaw/skills/tree/main/skills/jzineldin/openclaw-mission-control

Score: 82 · SAFE

This skill is a documentation-only package that provides installation instructions for a web dashboard application. While the skill itself contains no malicious code, it directs users to install external software that has not been security reviewed. The skill installation process was clean with no evidence of actual data exfiltration.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (3)

MEDIUM Sensitive file access detected -25

During installation, the system accessed sensitive files including .env, SSH keys, and AWS credentials. However, analysis indicates this was SSH daemon behavior rather than malicious skill activity.

MEDIUM Directs external software installation -15

The skill instructs users to clone and execute a separate Node.js application from GitHub, which is not included in the skill for security review.

LOW Indirect security risk -30

While the skill itself is safe, it may lead users to install unvetted software that requires API keys and system access without proper security review.