Is luigi08001/outlook-to-gmail safe?

https://github.com/openclaw/skills/tree/main/skills/luigi08001/outlook-to-gmail

91
SAFE

The luigi08001/outlook-to-gmail skill is a clean, documentation-only Outlook-to-Gmail migration guide with no prompt injection vectors, no data exfiltration mechanisms, and no auto-executing code. The only executable artifact is a user-invoked bash diagnostic script (pre-migration-audit.sh) that performs standard DNS lookups. Credential file accesses observed during monitoring are attributable to the oathe framework's own honeypot setup and canary verification passes, not to any skill-triggered code. All canary files were confirmed intact with no exfiltration activity.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 86/100 · 25%
Code Execution 82/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW Executable shell script included in skill repository -18

The file scripts/pre-migration-audit.sh is a bash script that executes dig DNS lookups. It is not auto-executed during installation and requires explicit invocation. The script uses set -euo pipefail and sanitizes its domain argument via positional parameter expansion. However, any agent that is instructed to run this script against an untrusted domain could facilitate DNS enumeration. The script is consistent with a legitimate pre-migration diagnostic tool.

LOW Credential files accessed twice during audit window -14

The files .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .gcloud/application_default_credentials.json were opened and read in two distinct batches. The first batch at audit timestamp 1771930335 predates the git clone at 1771930341, firmly placing it in the oathe monitoring setup phase. The second batch at 1771930359 postdates the skill-reading phase and is consistent with the oathe canary integrity verification pass. No network exfiltration correlated with either access event. Canary integrity is confirmed intact.

INFO Skill guidance involves elevated administrative credential handling -12

The skill's migration workflow requires an O365 Global Admin account and a Google Workspace Super Admin account. When injected into an agent with filesystem or browser tools, the agent could be directed to open admin consoles, enter credentials, or initiate bulk data transfers. This is intrinsic to the legitimate use case but means the skill significantly elevates the privilege level of agent-assisted tasks.

INFO External tool download URL referenced -3

SKILL.md references https://tools.google.com/dlpage/gsmmo/ for the GWMMO migration tool download. This is a legitimate Google-owned domain. No instruction is given to the agent to fetch this URL autonomously; it is presented as a step for the human operator to perform. No risk detected.