Is l0c0luke/millionfinney-homepage safe?

https://github.com/openclaw/skills/tree/main/skills/l0c0luke/millionfinney-homepage

93
SAFE

This skill provides educational documentation about blockchain pixel art and includes a benign Python image processing script. The content appears legitimate with no malicious prompt injection or data exfiltration attempts. The skill may guide users toward cryptocurrency transactions as part of its educational purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Executable Python script present -20

The skill contains a Python script (image_to_pixels.py) that processes images and converts them to pixel data. While the code appears benign and serves the educational purpose, it could be executed if the agent has Python access.

INFO Cryptocurrency transaction guidance -10

The skill provides educational content about purchasing blockchain pixels with ETH, which could lead users to spend cryptocurrency. This is part of its stated educational purpose but should be noted.