Is mastrophot/near-content-creator safe?
https://github.com/openclaw/skills/tree/main/skills/mastrophot/near-content-creator
The near-content-creator skill is a well-structured TypeScript package that generates NEAR blockchain-focused content by fetching data from public APIs (CoinGecko, NEAR mainnet RPC, NearBlocks, NEAR RSS feeds, GitHub releases). The SKILL.md is free of injection attempts and the source code contains no sensitive file reads, no credential harvesting, and no shell execution. Canary file accesses detected in the audit log are attributable to the audit framework's own batch verification sweeps rather than the skill itself, and all canary files remained intact. The post-install network connections visible in the connection diff originate from the OpenClaw gateway infrastructure process, not from skill code.
Findings (5)
LOW Canary files accessed during audit window -15
Audit PATH records show the six honeypot credential files were opened (read-only) at multiple timestamps during the audit window. The accesses cluster into two batch patterns consistent with audit framework before/after canary verification sweeps. No write or network transmission of canary content was detected, and the integrity check confirmed all files are unmodified.
LOW OpenClaw gateway established new external TCP connections post-install -10
The openclaw-gateway process (pid=1089, pre-existing) opened new listening ports (18790, 18793) and established HTTPS connections to Cloudflare and an AWS IP after the skill install completed. These connections are attributable to the OpenClaw executor infrastructure, not to the skill's own code, but their emergence during the audit window warrants noting.
LOW DevDependencies include packages with install scripts -5
esbuild and fsevents both set hasInstallScript:true in package-lock.json. esbuild downloads a platform-specific binary at install time; fsevents is an optional macOS filesystem watcher. Both are widely audited, published by reputable maintainers, and represent standard tooling patterns — not a meaningful risk vector.
INFO SKILL.md uses {baseDir} entrypoint template -3
The implementation entrypoint reference {baseDir}/dist/index.js uses a template variable. This is the standard OpenClaw skill convention for runtime path resolution. No injection risk in itself, but the variable must be resolved by the host runtime, not user-controlled input.
INFO Skill environment contains pre-installed academic-research-hub skill -3
The .clawhub/lock.json found in the skill package records academic-research-hub as installed. This file appears to be the executor environment's global lock file (not a skill-declared dependency), indicating another skill is active in the same environment. No functional coupling or chaining between the two skills was identified.