Is marcindudekdev/curlship safe?

https://github.com/openclaw/skills/tree/main/skills/marcindudekdev/curlship

92
SAFE

This is a documentation-only skill that provides API reference for the CurlShip directory service. The skill contains no executable code and presents minimal security risk, with only standard data transmission to the documented external API.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

INFO External API Data Transmission -15

The skill facilitates sending user-provided URLs and email addresses to the external CurlShip API (curlship.com). While this is the intended and documented functionality, users should be aware that data leaves their local environment.

LOW Standard Git Clone Operations -5

Normal git clone behavior observed with connections to GitHub for repository download. No suspicious activity detected.

LOW External Service Dependency -10

The skill depends on the external CurlShip service (curlship.com) for its functionality. Service availability and privacy policies are outside the skill's control.