Is leeguooooo/work-report safe?

https://github.com/openclaw/skills/tree/main/skills/leeguooooo/work-report

93
SAFE

This skill appears to be a legitimate work report generator that creates daily/weekly summaries from git commit history. The bash script follows good practices and operates within its intended scope of git repository analysis.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Accesses git user configuration -3

The script reads git user.name and user.email configuration, which contains user identification information. This is within expected functionality for a git-based tool.

LOW Executable bash script with moderate complexity -7

The skill includes a bash script with argument parsing, file system traversal, and git command execution. While the script appears legitimate, its complexity could hide malicious behavior.

INFO Repository scanning capability -5

The tool scans git repositories recursively under a root directory and can access commit history across multiple projects. This is intended functionality but could reveal repository structure.