Is matthewpoe/personal-crm safe?

https://github.com/openclaw/skills/tree/main/skills/matthewpoe/personal-crm

96
SAFE

This is a legitimate personal relationship management tool that helps users track contacts, birthdays, and conversation history through local file storage. The skill contains only documentation files with no executable code, and monitoring detected neither malicious behavior during installation nor canary file tampering.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO Personal Data Storage -5

The skill creates local files to store personal contact information including names, emails, phone numbers, birthdays, and conversation history. This is expected behavior but involves sensitive personal data.

INFO Personal Information Management -5

The skill encourages detailed tracking of personal relationships and conversations, which could be sensitive if accessed by unauthorized parties, but serves legitimate productivity purposes.

LOW Detailed Agent Behavior Specifications -2

The skill contains extensive descriptions of how the agent should behave, including specific conversation examples and behavioral patterns, though none are malicious.