Is marcoracer/clean-pytest safe?

https://github.com/openclaw/skills/tree/main/skills/marcoracer/clean-pytest

97
SAFE

The clean-pytest skill is a documentation-only markdown file providing pytest testing patterns using Fake-based isolation, contract testing, and fixture dependency injection. No executable code, git hooks, npm scripts, or external fetch instructions are present. Sensitive file accesses observed in monitoring are attributable to the oathe audit infrastructure itself (canary setup and verification), not the skill, and all canary files remain intact. A minor provenance discrepancy exists in the homepage metadata field, but no malicious behavior was detected across any category.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 96/100 · 5%

Findings (4)

LOW Monitoring-attributed sensitive file accesses pre-install -5

The audit log records open/access syscalls against .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCloud credentials at timestamp 1771901379.828 — approximately 6 seconds before the git clone began at 1771901385.298. A second identical access pattern appears at 1771901402.152 after install. Both access windows align with the oathe monitoring infrastructure's canary setup and post-install integrity verification phases, not with any action by the skill itself. The skill (pure markdown) has no mechanism to access these files.

INFO Homepage metadata references different repository owner -2

The SKILL.md frontmatter specifies homepage: https://github.com/numinstante/skills while the skill is published under github.com/openclaw/skills by owner 'marcoracer'. This may indicate the skill was forked or mirrored from a different author without updating provenance metadata. No malicious behavior is implied, but provenance is unclear.

INFO Expected GitHub HTTPS connection during install 0

git-remote-https connected to 140.82.121.4:443 (GitHub) as part of the standard shallow clone. Connection was closed after pack transfer completed and no persistent socket remains in the post-install connection diff.

INFO All canary honeypot files confirmed intact 0

Post-install integrity verification confirmed no modifications to any honeypot credential files. No data was written to or exfiltrated from sensitive files.