Is living-water-tseng/case-record-socialwork safe?

https://github.com/openclaw/skills/tree/main/skills/living-water-tseng/case-record-socialwork

94
SAFE

The case-record-socialwork skill is a Traditional Chinese social work case record assistant that is clean and well-scoped. All skill files are pure markdown and YAML with zero executable code, no prompt injection attempts, no data exfiltration mechanisms, and no malicious install-time behavior. Observed canary file reads are attributable to the oathe test harness baseline initialization, not the skill, and canary integrity is confirmed intact.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 97/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW UTF-8 BOM in SKILL.md -5

SKILL.md begins with a UTF-8 byte order mark (U+FEFF), a common artifact of files saved on Windows. While not a security threat, it can cause unexpected behavior in some markdown parsers or injection detection systems that use strict byte matching.

INFO Canary file reads attributed to test harness, not skill -10

The inotify and auditd logs show reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials at 09:59:02. However these reads occur 6 seconds before the git clone begins (09:59:08) and are consistent with the oathe monitoring infrastructure performing a pre-install baseline read of canary files. The canary integrity check confirms no modification or exfiltration occurred.

INFO Network connection to GitHub during install -8

The install process made a single HTTPS connection to 140.82.121.3:443 (github.com) to perform a sparse git clone. This is entirely expected behavior for the openclaw skill install mechanism and is not initiated by the skill content itself.

INFO Skill handles sensitive social case narratives -12

The skill is designed to process potentially sensitive personal information about social work clients (conflict situations, behavioral complaints, living conditions). While the skill explicitly enforces data minimization, operators should ensure the underlying agent model is configured with appropriate data retention and privacy controls when deploying in production social work contexts.