Is kiranchavala/cloudmonkey safe?

https://github.com/openclaw/skills/tree/main/skills/kiranchavala/cloudmonkey

91
SAFE

This CloudStack management skill provides legitimate infrastructure management capabilities through the CloudMonkey CLI tool. The skill documentation is clean with proper safety warnings and no malicious content detected. While it enables potentially destructive operations, this is the documented and appropriate functionality for infrastructure management.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM Infrastructure Management Risk -15

The skill enables potentially destructive operations on cloud infrastructure including VM destruction and resource management. While legitimate, these operations carry inherent risk if misused.

LOW CLI Command Execution -10

The skill instructs the agent to execute CloudStack CLI commands through shell execution, which is the intended functionality but involves command execution.

LOW Configuration File Reference -5

The skill references accessing CloudStack configuration files, which is normal for CLI tool operation but involves file system access.

INFO Safety Guidance Provided 0

The skill appropriately includes safety warnings for destructive operations, demonstrating responsible design.