Is l1vein/sport-mode safe?

https://github.com/openclaw/skills/tree/main/skills/l1vein/sport-mode

95
SAFE

This skill provides legitimate functionality to temporarily boost OpenClaw's heartbeat frequency for enhanced monitoring. The implementation is straightforward with no evidence of malicious behavior, data exfiltration, or security vulnerabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Shell script modifies system configuration -5

The skill includes a shell script that modifies OpenClaw configuration files and writes to workspace files. While this is the intended functionality, it demonstrates the skill's ability to affect system state.

INFO Potential for performance impact -5

Users can set very high frequency heartbeats (e.g., every minute or less) which could potentially impact system performance if misused, though this is within the skill's documented purpose.

LOW Task content injection into heartbeat file -5

User-provided task content is written directly to HEARTBEAT.md without apparent sanitization, though this appears to be the intended functionality for the monitoring system.