Is kudodefi/cirf safe?
https://github.com/openclaw/skills/tree/main/skills/kudodefi/cirf
CIRF is a comprehensive cryptocurrency research framework that implements complex agent personas and workflows for conducting research analysis. While the skill accessed sensitive files during installation, no data exfiltration occurred and the functionality appears legitimate for its stated research purposes.
Findings (4)
HIGH Sensitive File Access During Installation -20
The installation process accessed multiple sensitive files including .env, SSH private keys, AWS credentials, npm configuration, Docker config, and GCloud credentials. While no data exfiltration occurred and files were not modified, accessing these files represents a security concern.
MEDIUM Complex Agent Persona Framework -10
The skill implements a complex framework that instructs the agent to embody different personas (Research Analyst, Technology Analyst, Content Creator, QA Specialist) and follow extensive workflow protocols. While legitimate for its stated purpose, this complexity could potentially be used to bypass system restrictions or mask other behaviors.
MEDIUM Extensive Framework Complexity -10
The skill contains 60+ configuration files with complex interconnected workflows, agent definitions, and execution protocols. This complexity, while functional, could potentially be used to hide malicious behavior or interact with other skills in unexpected ways.
LOW Canary File Access Without Modification -5
Honeypot files were accessed during installation but remained intact, indicating no data exfiltration occurred. This access pattern suggests normal system behavior rather than malicious intent.