Is micktaiwan/lemlist-official safe?

https://github.com/openclaw/skills/tree/main/skills/micktaiwan/lemlist-official

94
SAFE

This skill provides legitimate integration with the Lemlist marketing automation platform through standard API calls. The code is clean with no malicious behavior detected, though it inherently handles sensitive marketing data and provides broad campaign management capabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

INFO External URL references in documentation -5

The skill documentation references external URLs for legitimate Lemlist service endpoints and documentation

LOW Webhook functionality present -10

The skill includes webhook management capabilities which could theoretically be configured to send data to external endpoints, though this is legitimate functionality

INFO Python helper code in documentation -5

The skill includes Python code examples for API interaction, but these are documentation only and contain standard HTTP client code

LOW Broad marketing and lead management permissions -15

The skill provides extensive access to marketing campaigns and lead data, which could be misused for spam if credentials are compromised, though this is inherent to the legitimate service