Is mkelk/coordinate-meeting safe?

https://github.com/openclaw/skills/tree/main/skills/mkelk/coordinate-meeting

94
SAFE

This skill provides legitimate meeting coordination functionality by integrating with the meetlark.ai service. The skill contains no malicious code or obvious security threats, but does involve transmitting meeting data to an external service.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM External API References -10

The skill instructs the agent to make HTTP requests to meetlark.ai, an external third-party service. While this appears to be the legitimate purpose of the skill, it does direct the agent to interact with external systems.

MEDIUM External Data Transmission -10

The skill facilitates sending meeting coordination data (participant names, meeting purposes, scheduling preferences) to the external meetlark.ai service. While this is the skill's intended function, it does involve transmitting potentially sensitive information to a third party.

LOW Third-Party Service Dependency -10

The skill relies entirely on an external service (meetlark.ai) for its functionality. This creates potential risks if the service is compromised, discontinued, or has its own security vulnerabilities.