Is leo3linbeck/sveltekit-webapp safe?

https://github.com/openclaw/skills/tree/main/skills/leo3linbeck/sveltekit-webapp

86
SAFE

This is a comprehensive SvelteKit web application scaffolding skill that appears legitimate for web development purposes. However, it exhibits concerning behavior by scanning sensitive credential files during operation, even though no exfiltration was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 80/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (2)

MEDIUM Sensitive Credential File Access -25

The skill accessed multiple sensitive credential files including SSH keys, AWS credentials, Docker config, and environment files. While no exfiltration occurred, this scanning behavior is concerning for a web development tool.

LOW Extensive Shell Command Usage -15

The skill executes numerous shell commands for web development tasks. While these appear legitimate and the skill states that user approval is required, they present a potential attack surface.