Is kowl64/tachograph-infringement-triage-root-cause-uk safe?
This skill is a straightforward UK tachograph compliance triage workflow consisting entirely of markdown reference files and templates with no executable code, no network instructions, and no prompt injection patterns. All canary files remained intact throughout the audit, and the only credential file accesses in the audit log are attributable to the monitoring infrastructure's own pre- and post-install integrity sweeps rather than the skill. Minor packaging issues (stale lock.json, metadata domain mismatch) are noted but carry no security impact.
Category Scores
Findings (4)
INFO Canary credential files accessed post-install -5
Six credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) appear in the auditd PATH log at timestamp 1771940802.616, after skill installation completed at ~1771940798. However, the identical access pattern also appears at 1771940780 (pre-install baseline), the canary integrity check passed with all files intact, and the accesses correlate with the audit framework's own integrity verification sweep rather than any action attributable to the skill. The skill contains no executable code and no instructions to access these paths.
INFO Stale/unrelated lock.json bundled with skill -3
The .clawhub/lock.json file shipped inside the skill directory records 'academic-research-hub' as an installed skill. This file tracks skill dependencies and should either be absent or reference only this skill's own dependencies. The presence of an unrelated entry suggests the lock file was copied from a developer's environment rather than generated cleanly for distribution. This is a packaging hygiene issue, not a security issue.
INFO Metadata commit URL domain mismatch -3
_meta.json references a commit at github.com/clawdbot/skills while the actual installation cloned from github.com/openclaw/skills. This is consistent with a repository rename or organisation migration and poses no security risk, but means the commit provenance URL in the metadata does not resolve to the install source.
LOW Skill processes driver PII without data-handling guidance 0
The skill's intended workflow ingests driver names, infringement records, and operational context that likely constitutes personal data under UK GDPR. The skill itself provides no data-handling guidance to the operator. This is an operational risk rather than a technical vulnerability — the skill cannot exfiltrate data, but operators should ensure they apply appropriate data minimisation and retention controls when using it.