Is metaspartan/mactop safe?

https://github.com/openclaw/skills/tree/main/skills/metaspartan/mactop

93
SAFE

The metaspartan/mactop skill is a straightforward documentation-only skill that instructs an LLM agent to invoke the mactop hardware monitoring CLI on Apple Silicon Macs. No executable code, install hooks, prompt injection, or data exfiltration instructions were detected. The canary file reads observed in monitoring are attributable to the audit framework's own initialization and are not caused by the skill.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 96/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (3)

LOW Canary file reads logged before install window -10

All six honeypot credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were opened read-only at audit session start (~6 seconds before the skill install commenced). No content modification was detected. Timing strongly attributes these reads to the Oathe audit framework's own baseline/canary setup routine rather than any skill-initiated action.

INFO Hardware telemetry surfaced by design -10

The skill's core function is to expose CPU, GPU, power, thermal, network I/O, and chip identity data from Apple Silicon. This is the stated purpose and not an attack vector in isolation.

INFO No installable code — documentation only -4

Skill payload is two static files: a markdown documentation file and a JSON metadata file. The bash examples in SKILL.md are executed by the agent at query time only if the agent follows the documented pattern; no code runs at install time.