Is mikipalet/late-api safe?
https://github.com/openclaw/skills/tree/main/skills/mikipalet/late-api
The late-api skill is a well-structured, purely documentary API reference for the Late social media scheduling service. All skill files are static markdown with no executable code, no prompt injection patterns, no credential-harvesting instructions, and no unexpected network behavior during installation. The canary file accesses observed in audit logs are attributable to the Oathe framework's own integrity checking passes, not to any skill-initiated action, and all honeypot files were confirmed intact.
Findings (4)
INFO Canary files accessed during audit window -8
Honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) appear in auditd PATH records both before the skill was cloned (1771916221.x) and after installation completed (1771916238.x). All accesses are read-only (CLOSE_NOWRITE). Cross-referencing with EXECVE logs, these accesses correlate with Oathe's own canary baseline setup and post-install integrity verification passes, not with any process spawned from the skill content. Canary integrity monitor confirmed all files intact.
INFO External documentation URLs referenced in SKILL.md -5
SKILL.md references https://getlate.dev/api/v1 as the base URL and https://getlate.dev/docs as the documentation link. These are legitimate vendor URLs appropriate for an API reference skill. They are presented as documentation context, not as fetch directives for the agent.
INFO Background system network activity during audit window -10
HTTPS connections to 185.125.188.x and 185.125.190.x (Canonical/Ubuntu) and an IPv6 connection to 2001:67c:1562::23:80 (Ubuntu motd-news) were observed. These are OS-level background processes (apt, motd, GNOME session startup) unrelated to skill installation. DNS diff shows no novel external hostnames introduced after installation.
LOW Skill facilitates social media API integration — indirect key exposure risk -10
If installed alongside a compromised skill that intercepts tool calls or reads environment variables, this skill's detailed endpoint documentation (OAuth flows, webhook secrets, API key format) provides the knowledge layer an attacker would need to abuse a user's Late API credentials. This is an indirect, combination risk rather than a direct threat from this skill itself.