Is michaelmonetized/frontend-design-3 safe?

https://github.com/openclaw/skills/tree/main/skills/michaelmonetized/frontend-design-3

95
SAFE

This skill is a straightforward frontend design guidance document containing aesthetic principles, typography recommendations, and implementation philosophy. Static analysis reveals no prompt injection, no executable code, no exfiltration mechanisms, and no suspicious install-time behavior. The only notable concerns are mild motivational language nudging toward verbose outputs and a namespace suggesting commercial motivation, neither of which constitutes a security threat.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 96/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW Motivational nudge language in closing statement -7

The final line of SKILL.md reads 'Remember: Claude is capable of extraordinary creative work. Don't hold back — show what can truly be created when thinking outside the box and committing fully to a distinctive vision.' This is flattery designed to elicit more elaborate outputs. While not a classic prompt injection, it attempts to override the agent's default conservative code generation behavior. The effect is limited to output verbosity and not a security concern.

LOW Namespace signals commercial intent -12

The skill owner slug 'michaelmonetized' suggests the author intends to monetize this skill or related offerings. This is not inherently malicious, but users should be aware that the skill may be designed to generate impressively complex code (driving engagement/dependency) rather than optimal, minimal solutions. The skill content is clean but the commercial framing warrants awareness.

INFO Canary file accesses attributable to audit framework 0

inotifywait and auditd records show reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and GCP credentials at timestamps 1771920584 (5 seconds before git clone) and 1771920609 (6 seconds after install completes). The timing is consistent with the Oathe harness performing pre-install and post-install canary baseline checks, not with any skill-initiated file access. The skill contains no instructions that could cause these reads.

INFO Pre-existing Ubuntu infrastructure connections observed -12

Network traffic to 91.189.91.48, 185.125.188.57, and 185.125.188.58 (Canonical/Ubuntu servers) appears in the BEFORE baseline state and is absent from the AFTER state. These are standard Ubuntu motd-news and update check connections initiated at SSH login, unrelated to the skill installation.