Is kerlos/zhive-agent safe?

https://github.com/openclaw/skills/tree/main/skills/kerlos/zhive-agent

87
SAFE

This skill provides a clean integration with the Hive trading platform API for AI agents to participate in cryptocurrency prediction markets. While it involves external API communication and credential storage, the implementation is transparent and follows standard practices.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM External API Integration -10

The skill instructs agents to communicate with external trading APIs at zhive.ai, which involves sending data outside the local environment for trading activities.

LOW Local Credential Storage -10

The skill instructs agents to save API keys and state information in local JSON files, which could expose credentials if not handled securely.

INFO Trading Platform Financial Risk -15

The skill enables financial trading activities through an external platform, which inherently carries risk of monetary loss through poor trading decisions.