Is liet-codes/semantic-walk safe?

https://github.com/openclaw/skills/tree/main/skills/liet-codes/semantic-walk

92
SAFE

The semantic-walk skill is a purely textual markdown document implementing a collaborative brainstorming methodology with no executable code, no data exfiltration mechanisms, and no malicious prompt injection. The skill transparently instructs Claude to enter an alternative 'walker mode' operational stance, which is its declared purpose. The primary residual concerns are: (1) the persona-shift instruction slightly alters Claude's default assistant behavior during sessions, and (2) the skill's 'oblique path to inaccessible knowledge' conceptual framing could theoretically be exploited by adversarial users — though the skill itself does not attempt this exploitation. All canary files were found intact, installation behavior was normal, and no network exfiltration was detected.

Category Scores

Prompt Injection 87/100 · 30%
Data Exfiltration 96/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 91/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 74/100 · 5%

Findings (5)

LOW Walker Mode Persona Shift -8

The skill instructs Claude to enter 'walker mode', explicitly described as a shift away from its default assistant operation. While this is transparently declared as the skill's purpose and contains no malicious override instructions, it constitutes a systematic mode change that alters Claude's operational stance for the duration of the walk session.

LOW Reality-Affirming Language Anchors Alternative Mode -5

The instruction 'The shift is real' and repeated emphasis that the walk 'must be real' primes Claude to commit strongly to the walker persona. This pattern of insisting the mode change is genuine could make Claude more resistant to breaking the frame and more persistent in the alternative operational mode.

INFO Post-Install .env File Accesses Not Attributable to Skill -4

The .env canary file was accessed at timestamps 1771911182.503 and 1771911189.534, after skill installation began. However, these accesses are assessed as originating from pre-existing background processes (openclaw-gateway pid=1086 checking environment, or GNOME session components) rather than the skill. The canary integrity check confirms no exfiltration occurred.

INFO Oblique Approach Framing May Enable Metaphorical Social Engineering -26

The skill establishes a conceptual framework where 'some things cannot be reached directly' and an 'oblique approach' makes them 'yield'. This narrative, while intended for legitimate creative brainstorming, could be exploited by adversarial users to reframe restricted requests as semantic destinations requiring an indirect path. The skill does not implement this attack itself; the risk is user-directed misuse.

INFO No Executable Code — Pure Markdown Content -2

The skill consists entirely of a well-structured markdown document describing a creative interaction methodology. No scripts, compiled code, hooks, or dependency declarations were found. The install process is a simple file copy with no execution.