Is kk17/nlb safe?

https://github.com/openclaw/skills/tree/main/skills/kk17/nlb

96
SAFE

The kk17/nlb skill is a minimal, benign markdown document providing step-by-step navigation instructions for Singapore's National Library Board website. No malicious content, prompt injection, executable code, git hooks, submodules, or exfiltration attempts were detected in the skill or during its installation. Canary file integrity was preserved and the only network activity was the expected GitHub clone connection.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO Login requires credential interaction -3

The skill instructs the agent to authenticate using the user's myLibrary credentials. This is intentional and disclosed, but users should be aware that enabling this skill allows the agent to interact with their library account login page.

INFO No adversarial prompt patterns detected 0

SKILL.md was fully reviewed. No instructions to override prior context, ignore system prompts, suppress output, change persona, or request excessive permissions were found. Content is plain instructional markdown.

INFO Only expected skill files installed 0

Filesystem diff shows exactly two files added: SKILL.md and _meta.json in the skill-under-test directory. No unexpected files, directories, or persistent background processes were created.