Is kimoamer/respectful-responses-female safe?

https://github.com/openclaw/skills/tree/main/skills/kimoamer/respectful-responses-female

96
SAFE

The skill 'respectful-responses-female' is a plain-markdown behavioral guidance file instructing the agent to use respectful, empowering language when interacting with women. No executable code, prompt injection patterns, exfiltration mechanisms, or malicious instructions were found in any skill file. Sensitive file accesses observed in monitoring are conclusively attributable to the audit sandbox's own sudo/PAM infrastructure operating before skill installation, not to the skill itself, and the canary integrity check confirms no credential files were modified or exfiltrated.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 88/100 · 10%
Behavioral Reasoning 96/100 · 5%

Findings (3)

INFO Canary Files Read Before Skill Installation — Attributed to Audit Framework -12

Honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP application_default_credentials.json) were opened and read during the monitoring window. Crucially, these accesses occur at auditd timestamp 1771906424.482, which precedes the skill git clone command at 1771906429.989 by ~5 seconds. The accessing process is 'sudo' (exe=/usr/bin/sudo, PID 1101, AUID=oc-exec) performing standard PAM/NSS credential resolution during privilege escalation — a normal operating pattern of the audit sandbox infrastructure. A second set of identical accesses at 1771906443.616 matches the audit framework's own canary post-install sweep. No writes or modifications to any canary file were detected.

INFO Sensitive Credential Paths Accessed — Pre-Installation, Non-Skill Process -5

Multiple sensitive paths were read during the audit window but attribution confirms the accessing entity is the audit framework's sudo/sshd infrastructure, not any process spawned by the skill. The skill itself contains no instructions to read files. The auditd PATH records explicitly identify 'sudo' and 'sshd' as the executables, with timestamps predating installation.

INFO Broad Activation Condition — Benign but Wide Scope -2

The skill activates 'when the user identifies as female or the context suggests the speaker is a woman' and additionally 'any time respectful and supportive communication is appropriate' — effectively making it active for a large proportion of conversations. This is not adversarial but means the skill modifies agent tone more broadly than a narrow trigger would.