Is kralsamwise/kdp-publisher safe?

https://github.com/openclaw/skills/tree/main/skills/kralsamwise/kdp-publisher

95
SAFE

This is a legitimate and well-documented KDP publishing skill that helps create children's books using AI-generated content and images. The skill contains appropriate executable code for its functionality and follows expected patterns for book generation tools.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM Executable Python Scripts Present -15

The skill contains three Python scripts (generate-book.py, create-cover.py, validate-book.py) that will execute when the skill is used. While this is expected functionality for a book generation tool, it represents code execution risk.

LOW External API Dependencies -5

The skill makes network calls to Google AI services (Gemini/Imagen) for content and image generation, requiring API key configuration.

LOW Potential Content Generation Misuse -10

While legitimate, the skill could theoretically be misused to generate large volumes of low-quality content for KDP spam publishing.