Is kr1json/ai-quota-check safe?

https://github.com/openclaw/skills/tree/main/skills/kr1json/ai-quota-check

81
SAFE

This skill provides legitimate AI service quota monitoring functionality but accesses sensitive authentication credentials and executes shell commands. While the functionality appears benign and serves a useful purpose, the access to authentication data and command execution present moderate security risks.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

MEDIUM Accesses AI service authentication credentials -20

The script reads authentication profiles from ~/.openclaw/agents/main/agent/auth-profiles.json containing API tokens for multiple AI services (Antigravity, Copilot, Codex)

MEDIUM Executes shell commands -15

The script uses execSync to run 'codex exec' commands to refresh rate limit data, which could be a potential attack vector

LOW Makes external API calls with user credentials -10

The script makes HTTPS requests to external APIs (Google Cloud, GitHub) using the user's authentication tokens

LOW Requests exact output display -15

The SKILL.md instructs the agent to display script output 'EXACTLY as-is' and 'do NOT summarize or rephrase', which could potentially be used for output manipulation

LOW Executable Node.js script with system access -10

The skill includes an executable Node.js script that has file system and network access capabilities