Is michaelmonetized/web-architecture safe?

https://github.com/openclaw/skills/tree/main/skills/michaelmonetized/web-architecture

97
SAFE

This skill is a pure markdown documentation package providing multi-agent orchestration workflow guidance for TypeScript/Next.js/Convex projects. All five files are markdown with no executable content, no git hooks, no submodules, no package.json install scripts, and no prompt injection attempts. Canary file reads visible in monitoring logs are attributable to the Oathe audit harness performing pre- and post-install baseline checks, not to any skill-initiated code. Network activity was limited to GitHub (for clone) and Canonical infrastructure (background OS processes).

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (3)

INFO Pre/post-install canary reads by monitoring infrastructure 0

Filesystem and auditd records show opens of all honeypot credential files (.env, id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) at the very start of the monitoring window (13:16:05, before git clone) and again at the very end (audit timestamp 1771938986). These access patterns are consistent with baseline checksum collection and final integrity verification performed by the Oathe audit harness itself, not by any code from the skill under test. The canary integrity monitor confirms all files are intact.

LOW Blanket no-timeout directive for sub-agents -4

The skill instructs the host agent to ensure sub-agents run without timeout limits. This is a legitimate recommendation for multi-agent workflows (preventing partial code states), but it does constitute an instruction that could extend agent resource consumption. It does not attempt to suppress output, change persona, or override security-relevant instructions.

INFO Normal git sparse-checkout from GitHub monorepo 0

Installation performed a shallow clone of the openclaw/skills monorepo to /tmp/monorepo-clone with GIT_TEMPLATE_DIR=/dev/null (suppresses template hooks), then a sparse-checkout to extract only the target subpath, followed by a recursive copy and cleanup. This is a standard, clean installation pattern with no post-install scripts.