Is mercuryeey/hello-world safe?
https://github.com/openclaw/skills/tree/main/skills/mercuryeey/hello-world
The mercuryeey/hello-world skill is a minimal, benign greeting utility with no executable code, no prompt injection vectors, and no data exfiltration capability. All sensitive file accesses observed in monitoring pre-date the skill installation by several seconds and are conclusively attributable to the audit framework's canary setup and post-install verification scans. The SKILL.md content is limited to straightforward greeting formatting instructions with no attack surface.
Category Scores
Findings (3)
INFO Sensitive file path accesses attributable to audit canary setup -5 ▶
Auditd PATH syscall records show accesses to .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials. These accesses occur at Unix timestamp 1771921347.387, which is approximately 5 seconds before the skill git clone begins at 1771921352.903. This timing conclusively places these accesses in the pre-install audit canary setup phase. A second batch at 1771921363.819 occurs during the post-install verification scan. No accesses are attributable to the skill content itself.
INFO Post-install outbound connections from audit framework process -7 ▶
The connection diff shows the openclaw-gateway process (PID 1094, audit infrastructure) established TCP connections to 98.83.99.233:443 and 104.16.2.34:443 after install. Both connections are bound to the openclaw-gatewa process name, confirming these are audit framework communications rather than anything initiated by the hello-world skill.
INFO Skill requests current date and time context -2 ▶
Instruction #2 asks the agent to include the current date and time in greetings. This is entirely within the skill's declared functionality and benign, but represents the skill consuming a small amount of system context (clock). No exploitation vector exists.