Is minbang930/giphy safe?

https://github.com/openclaw/skills/tree/main/skills/minbang930/giphy

97
SAFE

This Giphy integration skill appears safe and legitimate, containing only documentation files with no executable code or malicious behavior. The skill requires user-provided API credentials and implements appropriate content filtering.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW System processes accessed honeypot files during installation -5

During skill installation, system processes accessed sensitive honeypot files including .env, SSH keys, and cloud credentials. However, file integrity monitoring confirms no actual exfiltration occurred and these accesses appear to be from legitimate system daemons rather than the skill itself.

LOW Potential for inappropriate content delivery -5

While the skill specifies safe-for-work content filtering (rating=g), there remains a theoretical risk that inappropriate GIF content could be delivered through the Giphy API, though this risk is well-mitigated by the explicit content filtering.