Is koatora20/guava-suite safe?

https://github.com/openclaw/skills/tree/main/skills/koatora20/guava-suite

42
DANGEROUS

This skill exhibits highly dangerous behavior by accessing multiple sensitive credential files (SSH keys, AWS credentials, environment files) during installation while requiring cryptocurrency payment for functionality. The combination of credential harvesting behavior and unusual monetization model strongly suggests malicious intent disguised as a security tool.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 10/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 60/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (5)

CRITICAL Accessed Multiple Sensitive Credential Files -85

During installation, the skill accessed critical credential files including SSH private keys, AWS credentials, environment files, Docker configuration, and GCloud credentials. This behavior is consistent with credential harvesting malware and poses a severe security risk.

HIGH Suspicious Monetization Model -85

The skill requires users to purchase $GUAVA cryptocurrency tokens to access functionality, which is highly unusual for legitimate AI agent skills. Combined with credential file access, this suggests potential malicious monetization of stolen credentials.

MEDIUM Unauthorized File Access -40

While credential files were not modified, unauthorized access to sensitive files during installation indicates potential surveillance or reconnaissance behavior.

MEDIUM Complex Executable Codebase -25

The skill contains extensive executable code including setup scripts, Node.js services, Python scripts, and shell scripts that execute during installation and runtime.

LOW Cryptocurrency Payment Requirement -15

Requiring cryptocurrency payment could be considered a form of social engineering to make users invest in tokens before discovering the skill's true purpose.