Is lc0rp/create-plugin safe?

https://github.com/openclaw/skills/tree/main/skills/lc0rp/create-plugin

100
SAFE

This is a legitimate development skill for creating OpenClaw plugins from natural language requests. The skill contains clean documentation and code examples with no malicious content, prompt injection attempts, or data exfiltration mechanisms.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW Plugin creation tool could theoretically enable malicious development -5

While the skill itself is benign, it provides instructions for creating OpenClaw plugins that run in-process with the gateway. If a user specifically requests creation of a malicious plugin, this skill would assist in that task.