Is liriu/eve-online-item-search safe?

https://github.com/openclaw/skills/tree/main/skills/liriu/eve-online-item-search

85
SAFE

The liriu/eve-online-item-search skill is a straightforward EVE Online item lookup tool that queries the official EVE ESI API and a third-party Chinese market API (ceve-market.org) to return game item metadata. No malicious payload, credential theft, prompt injection in skill content, or canary exfiltration was detected. Primary concerns are the auto-trigger keyword behavior (activates without explicit user invocation), sending user search terms to a third-party server, and the theoretical risk of prompt injection through unvalidated API response content (name/description fields from ceve-market.org passed directly to the agent).

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 82/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 83/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (5)

LOW Automatic trigger on keyword match -15

SKILL.md instructs the agent to auto-trigger this skill whenever the user mentions 'EVE' or 'EVE online', without requiring explicit invocation. This means the skill activates silently on keyword detection, which could cause unintended API calls.

LOW User search terms sent to third-party Chinese EVE market API -18

The search.py script POSTs user-supplied item names to ceve-market.org, a Chinese third-party EVE Online marketplace site, not an official CCP endpoint. While this is the skill's advertised purpose, the operator of ceve-market.org receives all queried terms.

LOW Unvalidated third-party API response injected into agent context -22

Responses from ceve-market.org are parsed as JSON and returned directly to the agent without sanitization. A compromised ceve-market.org could return crafted item descriptions containing prompt injection content targeting the hosting LLM agent.

INFO Canary file path records present in auditd but files unmodified -17

PATH audit records show accesses to all six canary files (.env, .ssh/id_rsa, .aws/credentials, etc.) at two points in the timeline. The early accesses predate skill installation; the late accesses at identical timestamps appear to be the audit system's own canary verification sweep. Official integrity check confirms all files intact.

INFO Executable Python script included as expected -12

The skill ships a Python script (scripts/search.py) that is its core functional component. The code is clean, uses only stdlib (urllib, json, argparse), has no dangerous eval/exec/subprocess patterns, and matches the skill's documented purpose.