Is kunoiiv/elysium-arcology-planner safe?

https://github.com/openclaw/skills/tree/main/skills/kunoiiv/elysium-arcology-planner

84
SAFE

This skill appears to be a legitimate orbital habitat design simulator with functionality for physics calculations and 3D modeling. However, it contains instructions that could be dangerous if the agent has tools capable of JavaScript evaluation, Python script execution, or camera access.

Category Scores

Prompt Injection 60/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

HIGH JavaScript Code Evaluation Instruction -25

The skill contains instructions for the agent to evaluate arbitrary JavaScript code via 'canvas action=eval javaScript=simulateGravity(...)'. This could lead to code execution if the agent has canvas tools that evaluate JavaScript.

MEDIUM Script Execution Instructions -10

The skill instructs the agent to execute Python scripts using shell commands, which could be dangerous depending on agent capabilities.

MEDIUM Camera Access Instruction -5

The skill includes instructions for camera access via 'nodes action=camera_snap node=desk-cam' which could be concerning if the agent has camera access capabilities.

LOW Executable Python Scripts Present -10

The skill contains Python scripts that perform physics calculations and 3D model conversion. While they appear benign, they represent executable code.