Is martingalovic/onlyfans-api safe?

https://github.com/openclaw/skills/tree/main/skills/martingalovic/onlyfans-api

96
SAFE

This skill provides a legitimate API wrapper for OnlyFansAPI.com platform with clear documentation and standard API authentication patterns. No malicious behavior, prompt injection attempts, or data exfiltration was detected during installation or in the skill content.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO API key environment variable required -5

Skill requires ONLYFANSAPI_API_KEY environment variable to function. This is standard for API authentication but users should be aware of credential requirements.

INFO External documentation reference -5

Skill references external documentation at docs.onlyfansapi.com. While legitimate for this API wrapper, users should verify URL authenticity.

INFO Bash commands for API calls -5

Skill contains curl and jq bash commands for API interaction. These are legitimate API calls but involve shell execution.