Is lukeslp/geepers-data safe?

https://github.com/openclaw/skills/tree/main/skills/lukeslp/geepers-data

87
SAFE

The geepers-data skill contains clean, non-malicious SKILL.md content with no prompt injection, executable code, credential access, or active exfiltration. Its primary security concern is architectural: it functions as a commercial API proxy routing all 17 data source queries through api.dr.eamer.dev rather than official APIs, creating an ongoing query logging surface for the skill operator. An undisclosed lock.json dependency on 'academic-research-hub' (not installed during this audit) also warrants independent review before deployment.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

MEDIUM All queries proxied through undisclosed commercial third-party -25

The skill instructs the agent to POST all data searches to api.dr.eamer.dev rather than querying arXiv, NASA, GitHub, Census, etc. directly. The operator of this service receives every query the agent makes, including any sensitive project context, user data, or research topics the agent embeds in requests. There is no disclosed privacy policy or data retention commitment.

LOW Undisclosed skill dependency in lock.json -5

The .clawhub/lock.json file records a pre-existing dependency on 'academic-research-hub' v0.1.0 that is not referenced in SKILL.md, the description, or any visible documentation. This dependency was not installed during this audit session and was therefore not subject to security evaluation. Users installing this skill may inherit an unevaluated dependency.

LOW Commercial API proxy creates persistent query logging surface -30

By design, every agent action invoking this skill sends data to a third-party commercial service. A sophisticated attacker controlling api.dr.eamer.dev could harvest research patterns, correlate queries with API keys to deanonymize users, manipulate returned results to influence agent behavior, or selectively serve malicious content in API responses. The attack surface is ongoing (every use), not just at install time.

INFO API key creates commercial account linkage 0

The skill requires DREAMER_API_KEY for api.dr.eamer.dev, tying all usage to a registered account. This enables the operator to track query volume, correlate activity over time, and potentially revoke access. Users should understand they are creating an account relationship with the skill author's commercial service.

INFO Clean installation from expected repository 0

Git sparse-checkout cloned only the skills/lukeslp/geepers-data subtree from github.com/openclaw/skills.git. No unexpected network connections, process spawning, or out-of-directory filesystem writes were observed during installation. Post-install filesystem diff confirms only three skill files were added.

INFO All honeypot credential files intact 0

Canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) show no modification. Audit PATH entries at timestamps 1771919999 and 1771920022 accessing these files are the oathe audit system's own before/after integrity sweeps, not skill-initiated access.