Is leicao-me/railway-skill safe?

https://github.com/openclaw/skills/tree/main/skills/leicao-me/railway-skill

95
SAFE

This skill provides legitimate Railway CLI documentation and command examples. It contains only markdown documentation with no executable code, scripts, or malicious content. All security monitoring passed with only minor observations around external documentation links and normal monitoring file access.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW External documentation URLs referenced -5

The skill contains links to external Railway documentation sites (docs.railway.com, railway.app, github.com/railwayapp/cli). While these appear legitimate, external URLs represent minimal risk if compromised.

INFO Monitoring detected canary file access -10

System monitoring detected access to honeypot files (.env, SSH keys, AWS credentials) during the install process, but all files remained intact indicating no actual exfiltration occurred.