Oathe Security Badge

Is local-falcon/local-visibility-skill safe?

https://github.com/local-falcon/local-visibility-skill

Overall score: 95 (SAFE)

This skill provides legitimate educational content about local SEO and AI visibility optimization for businesses. The content is extensive, professionally written, and contains no malicious instructions or prompt injection attempts. All monitoring indicated normal behavior with no security concerns.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW External URL references in guidance -5

The skill contains references to external URLs (localfalcon.com, docs.localfalcon.com) but these are presented as user guidance for setting up integrations, not as commands for the agent to automatically access.

LOW Honeypot file access during monitoring -10

Monitoring detected access to canary files (.env, .ssh/id_rsa, etc.) during installation, but this appears to be from the audit monitoring system itself rather than malicious behavior by the skill.

INFO GitHub Actions workflow present -5

The skill contains a GitHub Actions workflow for publishing to npm, which is standard practice for npm packages and poses no security risk to users.