Is makkzone/people-strategy safe?
https://github.com/openclaw/skills/tree/main/skills/makkzone/people-strategy
The makkzone/people-strategy skill is a legitimate, well-implemented people relationship management tool that stores data exclusively in a local SQLite database with no external network calls, no prompt injection content, and no credential harvesting. The only substantive concerns are a stale .clawhub/lock.json committed to the repository referencing an unrelated skill, and the inherent risk of accumulating sensitive contact information in an unencrypted local database readable by co-installed skills. Neither issue represents active malicious behavior.
Findings (4)
LOW (score -10): Stale lock.json references foreign skill in committed repo state
The skill repository includes .clawhub/lock.json with a pre-populated entry for academic-research-hub v0.1.0 (installedAt: 1770957475341). This appears to be leftover development/testing state that was accidentally committed. The lock file executes no code, but if a skill manager treats it as authoritative installation state it could cause incorrect dependency tracking or conflict with the host's own lock file.
LOW (score -5): Local SQLite database accumulates sensitive contact data accessible to co-installed skills
The skill writes user relationship and contact data (name, role, organization, character traits, notes) to a local SQLite file defaulting to people.db in the current working directory. This database is not encrypted and is accessible to any process or co-installed skill that can read the filesystem. A malicious co-installed skill could silently exfiltrate this accumulated contact network. This is not active exfiltration by this skill, but a passive data hygiene risk.
INFO (score 0): Python executable code present with zero external dependencies
Skill includes database.py and people_skill.py that execute when the agent invokes skill tools. requirements.txt explicitly declares no external package dependencies, relying solely on Python stdlib (sqlite3, sys, json, typing). All database queries use parameterized placeholders. The code is well-structured and does not attempt to execute shell commands, read environment variables, or access files outside its own data file.
INFO (score 0): Post-install network connections attributed to openclaw-gateway infrastructure
The connection diff after installation shows new established TCP connections to 54.211.197.216:443 (AWS) and 104.16.10.34:443 (Cloudflare) and new listeners on 127.0.0.1:18790 and 18793, all owned by openclaw-gatewa (pid=1084). These are the OpenClaw execution platform's own infrastructure connections and are not caused by the skill's Python code, which makes no network calls.