Is mattt21/senddy safe?

https://github.com/openclaw/skills/tree/main/skills/mattt21/senddy

96
SAFE

This skill provides legitimate documentation for the Senddy private USDC wallet SDK, enabling zero-knowledge cryptocurrency transactions on Base. The skill itself contains only documentation files with no executable code or prompt injection attempts, and all security monitoring checks passed cleanly.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

MEDIUM Cryptocurrency Operations Risk -8

The skill provides documentation for managing private USDC wallets and executing cryptocurrency transactions. While legitimate, this involves inherent financial risk if misused or if users provide incorrect parameters.

MEDIUM Sensitive Environment Variables Required -4

The skill requires API keys and cryptographic seed phrases as environment variables, which, if compromised, could lead to financial loss.

LOW Sensitive File Access During Audit -8

System processes accessed sensitive files (.env, SSH keys, AWS credentials) during the audit session. This appears to be SSH/system-level access rather than skill-level access, and canary integrity checks passed.

LOW External API Dependency 0

The skill relies on external Senddy API services for functionality, introducing dependency on third-party availability and security.