Is lpdawn/crypto-price-by-lpdawn safe?
https://github.com/openclaw/skills/tree/main/skills/lpdawn/crypto-price-by-lpdawn
crypto-price-by-lpdawn is a functionally straightforward skill that fetches real-time cryptocurrency prices from Binance via the ccxt library. The SKILL.md contains no prompt injection attempts, the agent.py code is clean with no credential access or covert exfiltration logic, all honeypot files remained intact, and the install produced only the expected filesystem and network activity. The primary concerns are a hardcoded platform-specific Python interpreter path, which limits portability and ties runtime trust to the OpenClaw environment's venv, and the credential file reads observed during monitoring, which are attributable to the framework's own canary setup rather than to the skill.
Findings (6)
MEDIUM (-18) Credential files read during monitoring window
Multiple sensitive credential files were read during the audit window. Timing and process attribution strongly indicate that the monitoring framework's canary setup and teardown, not the skill, are responsible. The canary integrity check confirms no exfiltration. The second access batch (timestamp 1771909312) lacks a clear EXECVE ancestor in the log, which is the source of the noted ambiguity.
MEDIUM (-15) Hardcoded platform-specific interpreter shebang
The shebang in agent.py references an absolute path tied to the OpenClaw admin's virtualenv. The skill will not run in any non-OpenClaw environment, and whoever controls that path controls the effective Python runtime.
LOW (-10) Unsanitized user-supplied symbol passed to ccxt
The cryptocurrency symbol from sys.argv is uppercased and forwarded to fetch_ticker() without validation. Exploitation is constrained by ccxt's own symbol validation and Binance's pair whitelist; no shell injection risk exists.
LOW (-7) Agent instructed to execute external subprocess
SKILL.md directs the agent to invoke agent.py as a shell subprocess, passing the user-extracted token symbol as an argument. This is declared functionality, but it expands the agent's execution footprint to include subprocess invocation.
LOW (-20) Runtime outbound network connection to Binance API
Skill execution establishes HTTPS connections to Binance's REST API. This is the declared purpose and is consistent with the permissions declared ('网络访问权限', i.e. network access permission). Risk is bounded by Binance's API availability and integrity.
INFO (-10) Install left no persistent connections or processes
The post-install connection diff shows no new listeners or established connections attributable to the skill. The temporary clone in /tmp/monorepo-clone was removed immediately after the file copy.