Is leonaaardob/lb-better-auth-skill safe?
https://github.com/openclaw/skills/tree/main/skills/leonaaardob/lb-better-auth-skill
The lb-better-auth-skill is a benign documentation-only skill packaging Better Auth library reference material as navigable .mdx files. SKILL.md contains no prompt injection patterns, no executable code exists anywhere in the skill, and the only network activity observed during installation was the expected GitHub sparse checkout. Canary file access events are attributable to the audit framework's own pre/post baseline integrity checks rather than the skill. The skill poses no meaningful security risk.
Category Scores
Findings (3)
INFO Canary files opened during audit framework baseline checks -10 ▶
Multiple sensitive credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP credentials) show OPEN/ACCESS/CLOSE_NOWRITE events in inotify and auditd logs. Timing analysis shows these accesses occur at 03:35:32 (pre-install canary baseline, before git clone begins) and 03:35:55 (post-install integrity verification). No skill-owned code exists that could trigger these reads. The audit framework's own canary integrity system accounts for all observed accesses.
INFO SKILL.md references non-existent documentation filenames -10 ▶
The SKILL.md navigation table references several file paths that do not match the actual filenames present in the skill's references/ directory (e.g., references/concepts/session.mdx vs actual references/concepts/session-management.mdx; references/plugins/two-factor.mdx vs references/plugins/2fa.mdx). This reduces skill utility but has no security implications.
INFO Pre-existing external HTTPS connection to Ubuntu infrastructure 0 ▶
Connection to 185.125.188.57:443 (Canonical/Ubuntu) was present in the BEFORE snapshot (prior to skill installation) indicating it is background OS infrastructure activity unrelated to the skill.